 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
And a darn good one at that! Derek Martin wrote: > I received this yesterday from an employee of Sendmail Inc. FYI. > Personally I think it's a marketing ploy... ;) > > ---------- Forwarded message ---------- > Date: Wed, 07 Jun 2000 18:42:25 -0700 > From: Tasha Lockyer <tasha at sendmail.com> > To: rhlcustomers at sendmail.com > Subject: Linux/Sendmail Pro Security Alert > > LINUX/SENDMAIL PRO SECURITY ALERT > > The Problem > A serious bug has been discovered in the Linux kernel that can be used > by local users to gain root access. The problem, a vulnerability in the > Linux kernel capability model, exists in kernel versions up to and > including version 2.2.15. This problem will affect programs that drop > setuid state and rely on losing saved setuid, even those that check that > the setuid call succeeded. > > How This Affects You > Because this vulnerability can be used to attack any setuid root program > that attempts to cede special permission, all sendmail users can be > exploited. Please note that this is NOT a sendmail security issue, but > rather a Linux issue that can manifest itself in the sendmail program. > As a result, this problem can be exploited on Sendmail Pro for Red Hat > Linux. > > How To Fix It > To resolve this issue, upgrade your Linux kernel to version 2.2.16 > immediately. If you are currently unable to obtain an upgrade from your > vendor, we strongly recommend that you upgrade from Sendmail Pro to > Sendmail Switch. Sendmail Switch 2.0.5 for Red Hat Linux includes a > check for this vulnerability in the kernel and if it is present, refuses > to run, thus making it impossible to use sendmail to exploit the > problem. Sendmail Single Switch is available only on the Sendmail Store > for the special promotional price of $99. To purchase this product, > please go to: > > http://www2.sendmail.com/store/ > > For more information on the Sendmail Switch product line, please see: > > http://www2.sendmail.com/products/routing/ > > -- > PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt > ------------------------------------------------------ > Derek D. Martin | Unix/Linux Geek > derekm at mediaone.net | derek at cerberus.ne.mediaone.net > ------------------------------------------------------ > > - > Subcription/unsubscription/info requests: send e-mail with > "subscribe", "unsubscribe", or "info" on the first line of the > message body to discuss-request at blu.org (Subject line is ignored). - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
