- Forwarded message from Sun Security Coordination Team <[EMAIL PROTECTED]>
-
Date: Wed, 29 Dec 1999 11:17:03 -0800 (PST)
From: Sun Security Coordination Team <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Sun Security Bulletin #00191
-BEGIN PGP SIGNED MESSAGE-
- Forwarded message from Sun Security Coordination Team <[EMAIL PROTECTED]>
-
Date: Wed, 29 Dec 1999 11:35:49 -0800 (PST)
From: Sun Security Coordination Team <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Sun Security Bulletin #00192
-BEGIN PGP SIGNED MESSAGE-
A note to anybody applying this, via patch or otherwise. Don't keep the
original resend lying around in the majordomo directory: wrapper assumes
everything in that directory is secure, and will gladly execute it.
[brock@o2 brock]$ /usr/freeware/majordomo/wrapper resend.orig '@|id'
uid=1126(majord
[ On Friday, December 24, 1999 at 20:27:01 (+), Dominic Mitchell wrote: ]
> Subject: Re: Wmmon under FreeBSD
>
> Under modern BSD4.4, the preferred method is using sysctl(3),(8), as
> opposed to kernfs.
That's not completely true and misses the bigger picture entirely.
According to McKusick,
SecurityFocus,
* I have discovered that Macintosh computers running OS9 can be used to
direct a stream of 1500-byte ICMP datagrams at a target on the Internet.
* These ICMP datagrams or triggered by 40-byte datagrams, so one
"controller" computer with a 1.3 Mbps Internet connection can focus th
Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT
v.2000.08.A
USSR Advisory Code: USSR-99027
Release Date:
December 29, 1999 [3/5]
Systems Affected:
CSM Mail Server for Windows 95/NT and others old versions.
Version: 2000-01A
Version: 1999-07M
Version: 1999-07I
Version: 1999-0
While browsing the majordomo lists trying to find out if anyone
is taking care of this issue, I came across another that's in their
archive (appended below).
The comment of Dave Wolfe was that you shouldn't let untrusted users
run programs on his majordomo server.
Olaf
--
Olaf Kirch | -
good morning folks,
... "With AltaVista Search Software, you can create your own search and
retrieval Web site with the same relevancy, performance, and efficiency of
the powerful AltaVista Search engine (www.altavista.com) used to index the
World Wide Web" ...
yes thats true .. but,
if you t
It would be important to note that on POSIX systems, the wrapper is
compiled to setuid() to the majordomo user, so this won't give a root
shell...
On other systems, you are advised to install majordomo suid 'majordomo'
instead of root.
>From the "INSTALL" file:
3) Edit the Makefile, defining wh
> - -snip-
>
> # If the first argument is "@filename", read the real arguments
> # from "filename", and shove them onto the ARGV for later processing
> # by &Getopts()
> #
> if ($ARGV[0] =~ /^\@/) {
> $fn = shift(@ARGV);
> $fn =~ s/^@//;
> open(AV, $fn) || die("open(AV, \"$fn\"): $!\nS
-BEGIN PGP SIGNED MESSAGE-
"Todd C. Miller" <[EMAIL PROTECTED]> wrote:
> For those using perl 5.x, you can use sysopen() instead of the "magic"
> perl open() to fix this.
I'm afraid that wouldn't help much, as you can supply any pathname as
the -C (configuration file) argument:
As a bonus, /usr/local/bin/mkpis is vulnerable to the same /tmp symlink
problem. It has the same permissions as pis.
-Brock
---
Brock Tellier <[EMAIL PROTECTED]> wrote:
Greetings,
OVERVIEW
A vulnerability in "/usr/local/bin/pis" on SCO UnixWare will allow any
user to create arbitrary files wi
On Tue, 28 Dec 1999, Brock Tellier wrote:
> but wrapper immediatly setuid()'s and setgid()'s to owner:daemon before
> execing the wrapped program.
Bugs in resend aside, this appears to be an incorrect configuration of
wrapper. majordomo should have it's own group as well as user, and it
should
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note -- On Tuesday, December 28, 1999, beginning at 6:00 PM Eastern
Daylight Time (18:00 EST, GMT-5), the CERT Web and
FTP sites will be unavailable for several hours
while routine maintenance is done.
CERT(R) Advisory CA-99-
At 08:47 PM 12/28/1999 -0600, Brock Tellier wrote:
>I've only tested the version of majordomo which comes with UnixWare
>7.1 which is 1.94.4. This vulnerability may or not still be present
>in newer versions of majordomo, but it exists on the default UW7.1
>installation.
Confirmed with *sto
For those using perl 5.x, you can use sysopen() instead of the "magic"
perl open() to fix this.
- todd
--- resend Thu Aug 19 10:12:03 1999
+++ resend+ Tue Dec 28 23:55:39 1999
@@ -58,7 +58,7 @@
if ($ARGV[0] =~ /^\@/) {
$fn = shift(@ARGV);
$fn =~ s/^@//;
-open(AV, $fn) ||
16 matches
Mail list logo
