5236620 2000-06-29 01:27 /50 lines/ Postmaster
Recipient: Bugtraq (import) <11499>
Subject: Re: [TL-Security-Announce] Linux Kernel TLSA2000013-1
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14682.13891.653453.639206@horsey.gshapiro.net>
Date: Wed, 28 Jun 2000 10:30:43 -0700
Reply-To: Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG>
X-To: tl-security-announce@www1.turbolinux.com
X-cc: sendmail-security@sendmail.org
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000619180557.A4599@turbolinux.com>

rluethi> TurboLinux Security Announcement

rluethi> Package: kernel-2.2.15 and earlier
rluethi> Date: Monday June 19 17:45 PDT 2000

rluethi> TurboLinux Advisory ID#: TLSA2000013-1
rluethi> BugTraq ID#: 1322
rluethi> Credits: This vulnerability was discovered by Wojciech Purczynski.

rluethi> 1. Problem Summary

rluethi> Originally this security bug was reported by Sendmail. An unsafe
rluethi> fgets() usage in sendmail's mail.local exposes the setuid() security
rluethi> hole in the Linux kernel. This vulnerability allows local users to
rluethi> obtain root privilege by exploiting setuid root applications.

This is completely incorrect. This problem had nothing to do with an
unsafe fgets(). There are no unsafe fgets() in sendmail or mail.local.
This was a bug in the Linux kernel, not in sendmail and not in mail.local.

Please correct your advisory and post an updated version.