Path: utzoo!attcan!uunet!husc6!rutgers!apple!voder!pyramid!csg From: csg@pyramid.pyramid.com (Carl S. Gutekunst) Newsgroups: comp.sys.pyramid Subject: Re: Pyramid's sendmail Message-ID: <48721@pyramid.pyramid.com> Date: 27 Nov 88 03:43:11 GMT References: <788@tness1.UUCP> Organization: Pyramid Technology Corp., Mountain View, CA Lines: 24 In article <788@tness1.UUCP> mechjgh@tness1.UUCP (Greg Hackney 214+464-2771) writes: >I called RTOC, who said a tape would be sent in a couple of days. Yeah, Scott keys pulling Seshadri's chain, and he keeps pulling mine. If we didn't keep finding more security holes, the PTF would have been done sooner. The final PTF includes security fixes for FTP, Sendmail, and UUCP. The fixes for UUCP will be posted to the net, as well. There's some much worse security holes here than what the Internet Worm exploited. If you are running Basic Networking Utilities aka HoneyDanBer UUCP, you should also call RTOC and ask for a fix for Peter's "hdbworm" hole. This will be in a separate PTF, so the first one doesn't get held up. (There aren't that many of you out there running HoneyDanBer anyway, near as I can tell.) >Meanwhile, the adb fix does not work on my OSx4.1 system, but I was able to >edit the binary with GNU Emacs, and changed the characters "debug" and "wiz" >to nulls. See Romain's fix. Actually, the "wiz" command is not a problem in Pyramid's sendmail. Try telnet'ing to the sendmail socket, type "wiz", and see what happens. :-) I didn't do it that way, Eric Allman did; but I didn't feel like ripping it out, either.