Path: utzoo!attcan!uunet!husc6!bloom-beacon!mit-eddie!killer!texbell!tness1!mechjgh
From: mechjgh@tness1.UUCP (Greg Hackney 214+464-2771)
Newsgroups: comp.sys.pyramid
Subject: Re: Pyramid's sendmail
Message-ID: <788@tness1.UUCP>
Date: 25 Nov 88 14:16:20 GMT
References: <424@merkin.cactus.org> <46784@pyramid.pyramid.com>
Reply-To: mechjgh@tness1.UUCP (Greg Hackney 214+464-2771)
Organization: Southwestern Bell Telephone Co., Network Engineering
Lines: 26

[REPOST, ORIGINAL MUNGED]
In article <46784@pyramid.pyramid.com> romain@pyramid.UUCP (Romain Kang) writes:
>In article <424@merkin.cactus.org> hack@merkin.cactus.org (Greg Hackney) writes:
>| Is the sendmail program distributed with OSx 4.1 vulnerable
>| to the recent Internet 'virus', if so, recommendations?
>
>Yes.  The same bug/feature that allowed the worm to spread through SMTP
>is present in all stock OSx releases.  You can get a PTF from RTOC to
>close this hole, as well as related security fixes.
>
>If you're in a hurry, the adb patch that came through
>comp.bugs.4bsd.ucb-fixes will work, as long as you use "ucb strings - -o"
>instead of just "ucb strings -o".  (In OSx 4.1 and later, the SMTP
>command table is kept in read-only (text) space.)

I called RTOC, who said a tape would be sent in a couple of days.

Meanwhile, the adb fix does not work on my OSx4.1 system, but I was
able to edit the binary with GNU Emacs, and changed the characters
"debug" and "wiz" to nulls. This closed the hole with no problems
noticed.
--
Greg

-- 
Greg