Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!amdcad!sun!pitstop!sundc!seismo!uunet!mcvax!ukc!strath-cs!glasgow!Jim
From: jac@doc.ic.ac.uk (Jim Crammond)
Newsgroups: comp.mail.sendmail,mail.uk-sendmail-workers
Subject: sendmail worm fix (2)
Message-ID: <17011.8811071726@sophocles.doc.ic.ac.uk>
Date: 7 Nov 88 17:26:23 GMT
Sender: daemon@cs.glasgow.ac.uk
Lines: 24
Phone: 01-589 5111 ext 5065
X-mailer: mail gatewayed to news (mail-news 1.5a)

The previous fix prevents remote users mailing getting a local shell,
however it is still possible for a local user to run sendmail by hand
and exploit the hole (and get a non-root shell).

Those who are worried by this may wish to take advantage of the following:

From: Andrew Findlay
Date: Mon, 7 Nov 88 16:57:35 BST

It may be worth making a safe Sun binary available by anon Blue-Book FTP
and putting a uuencoded version in an info-server too.

I have put two binaries in the 'guest' file area on uk.ac.brunel.me:
(Username guest, any passwd)

    sun-sendmail-IDA
    pyr-sendmail-IDA

Both are IDA-sendmail, compiled without DEBUG or WIZ.
The Sun version was compiled under SunOS 3.3 and also runs under 4.0.

Vanilla versions would be more useful to most people though.

Andrew

-Jim.