Pyramid's sendmail

Greg Hackney 214+464-2771 mechjgh at tness1.UUCP
Sat Nov 26 00:16:20 AEST 1988


[REPOST, ORIGINAL MUNGED]
In article <46784 at pyramid.pyramid.com> romain at pyramid.UUCP (Romain Kang) writes:
>In article <424 at merkin.cactus.org> hack at merkin.cactus.org (Greg Hackney) writes:
>| Is the sendmail program distributed with OSx 4.1 vulnerable
>| to the recent Internet 'virus', if so, recommendations?
>
>Yes.  The same bug/feature that allowed the worm to spread through SMTP
>is present in all stock OSx releases.  You can get a PTF from RTOC to
>close this hole, as well as related security fixes.
>
>If you're in a hurry, the adb patch that came through
>comp.bugs.4bsd.ucb-fixes will work, as long as you use "ucb strings - -o"
>instead of just "ucb strings -o".  (In OSx 4.1 and later, the SMTP
>command table is kept in read-only (text) space.)

I called RTOC, who said a tape would be sent in a couple of days.

Meanwhile, the adb fix does not work on my OSx4.1 system, but I was
able to edit the binary with GNU Emacs, and changed the characters
"debug" and "wiz" to nulls. This closed the hole with no problems
noticed.
--
Greg

-- 
Greg



More information about the Comp.sys.pyramid mailing list