5236620 2000-06-29  01:27  /50 lines/ Postmaster
Recipient: Bugtraq (import) <11499>
Subject: Re: [TL-Security-Announce] Linux Kernel TLSA2000013-1
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <14682.13891.653453.639206@horsey.gshapiro.net>
Date:         Wed, 28 Jun 2000 10:30:43 -0700
Reply-To: Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG>
X-To:         tl-security-announce@www1.turbolinux.com
X-cc:         sendmail-security@sendmail.org
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20000619180557.A4599@turbolinux.com>

-----BEGIN PGP SIGNED MESSAGE-----

rluethi> TurboLinux Security Announcement

rluethi> Package: kernel-2.2.15 and earlier
rluethi> Date: Monday June 19 17:45 PDT 2000

rluethi> TurboLinux Advisory ID#:  TLSA2000013-1
rluethi> BugTraq ID#: 1322
rluethi> Credits: This vulnerability was discovered by Wojciech Purczynski.

rluethi> 1. Problem Summary

rluethi> Originally this security bug was reported by Sendmail. An unsafe
rluethi> fgets() usage in sendmail's mail.local exposes the setuid() security
rluethi> hole in the Linux kernel. This vulnerability allows local users to
rluethi> obtain root privilege by exploiting setuid root applications.

This is completely incorrect.  This problem had nothing to do with an
unsafe fgets().  There are no unsafe fgets() in sendmail or
mail.local.  This was a bug in the Linux kernel, not in sendmail and
not in mail.local.  Please correct your advisory and post an updated
version.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0 for non-commercial use
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface
Charset: noconv

-----END PGP SIGNATURE-----
(5236620) ------------------------------------------(Reformatted)