linux, säkerhet

6143478 2001-02-23 13:41 -0800  /25 rader/ Claus Assmann <ca+bugtraq@ZARDOC.ENDMAIL.ORG>
Sänt av: joel@lysator.liu.se
Importerad: 2001-02-26  22:03  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: ca+bugtraq@ZARDOC.ENDMAIL.ORG
Mottagare: Bugtraq (import) <15618>
Kommentar till text 6131185 av  <security@TURBOLINUX.COM>
Ärende: Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1
------------------------------------------------------------
On Thu, Feb 22, 2001, security@TURBOLINUX.COM wrote:

I've sent yesterday an e-mail to security@TURBOLINUX.COM but got
no reply up to now. So I'll try it here.

>         Vulnerable Packages: All versions previous to 8.11.2-5
>         Date: 02/21/2001 5:00 PDT

>         TurboLinux Advisory ID#:  TLSA2001003-1

> 2. Impact
> 
>    A user can gain root privileges.

Does TurboLinux have any proof for this claim or is it just a guess?
If the former: why has sendmail-security@sendmail.org not been
contacted?  If the latter: why isn't this explicitly stated here?

BTW: Another advisory (TLSA2000013-1) from TurboLinux also made a
wrong claim about sendmail. It would be nice to be more careful.

PS: The segfault problem has been fixed in 8.11.2 as the
RELEASES_NOTES clearly say.
(6143478) --------------------------------(Ombruten)
Bilaga (application/pgp-signature) i text 6143479
6143479 2001-02-23 13:41 -0800  /12 rader/ Claus Assmann <ca+bugtraq@ZARDOC.ENDMAIL.ORG>
Importerad: 2001-02-26  22:03  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: ca+bugtraq@ZARDOC.ENDMAIL.ORG
Mottagare: Bugtraq (import) <15619>
Bilaga (text/plain) till text 6143478
Ärende: Bilaga till: Re: [TL-Security-Announce] Sendmail-8.11.2-5 TLSA2001003-1
------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOpbY7c8etQMiMnoBAQGKHAQAucArg5oKoKnKWog216WLMBroxuhry2dy
yG5CKrMhq6TL3UShdPLix83UNbd0IY+iTCp3fj/IjaygLDdR6WfYXH8ZmY3F4Nj/
2b3CFuvSOgUC2V6FfvHQOon+LC2s/u18zfQ/+vGzFWGBcPZdvrUx5ruhZwnhuol7
q9RXs/We+e0=
=ppga
-----END PGP SIGNATURE-----
(6143479) ------------------------------------------