|
|
Пишет mumuntu (![[info]](http://lj.rossia.org/img/userinfo.gif){kind=small} mumuntu)@ 2003-03-05 00:57:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
| Настроение: | working |
| Музыка: | Ice Cube - I'm Only Out For One Thang |
[Security]: To whom it may concern, Sendmail remote root vulnerability analysis
Коллеги из LSD сделали довольно подробный анализ вчерашнего бага в Sendmail.
Краткие результаты:
Freebsd 4.4 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 x86 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 sparc - (default & self compiled Sendmail 8.11.6) does not crash
HP-UX 10.20 - (self compiled Sendmail 8.11.6) does not crash
IRIX 6.5.14 - (self compiled Sendmail 8.11.6) does not crash
AIX 4.3 - (binary of Sendmail 8.11.3 from bull.de) does not crash
RedHat 7.0 - (default Sendmail 8.11.0) does not crash
RedHat 7.2 - (default Sendmail 8.11.6) does not crash
RedHat 7.3 (p) - (patched Sendmail 8.11.6) does not crash
RedHat 7.0 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.2 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.3 - (self compiled Sendmail 8.11.6) crashes
Slackware 8.0 (p) - (patched Sendmail 8.11.6 binary) crashes
Slackware 8.0 - (self compiled Sendmail 8.12.7) does not crash
RedHat 7.x - (self compiled Sendmail 8.12.7) does not crash
(p) - patched box
Тем не менее, пропатчить систему рекомендуется всем, поскольку ребята из LSD не могут гарантировать, что нет другого пути активизации этого buffer overflow.
