SUMMARY: sendmail patch for SunOS 4.1.4?

From: Mona Wong (mona@alex.UCSD.EDU)
Date: Tue Mar 07 1995 - 16:38:10 CST


<Original posting:>

> Last week, CERT sent out an advisory regarding sendmail
> vulnerabilities. I've installed the patch it recommended
> for SunOS 4.1.3, but we are also running SunOS 4.1.4 on some
> of our machines.
>
> Does anyone know if there is a patch available for SunOS 4.1.4?

<Russell Ruby russ@MATH.ORST.EDU:>

    A set of new patches fix a sendmail security hole involving the
    "-oM" option. The patched vulnerability can allow a user with an
    unprivileged account on a system to overwrite system files and thus
    gain root access.

    We have produced patches for the versions of SunOS shown below.

         OS version Patch ID Patch File Name
         ---------- --------- ---------------
         4.1.3 100377-19 100377-19.tar.Z
         4.1.3_U1 101665-04 101665-04.tar.Z
         4.1.4 102356-01 102356-01.tar.Z
         5.3 101739-07 101739-07.tar.Z
         5.4 102066-04 102066-04.tar.Z
         5.4_x86 102064-04 102064-04.tar.Z

    ...

    2. If you do not have a support contract

    Sun also makes its security patches available to customers who do
    not have a support contract, via anonymous ftp:

       - In the US, from /systems/sun/sun-dist on ftp.uu.net
       - In Europe, from ~ftp/sun/fixes on ftp.eu.net



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:18 CDT