
gain 'root' privileges

 
EML
Advisor

About the security flaw in sendmail, what is meant by the advisory "Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server."?

Does it mean that an attacker can have root access and have the root prompt? Or is he just able to control the sendmail daemon of that server?
Sergejs Svitnevs
Honored Contributor

Re: gain 'root' privileges

http://www.iss.net/security_center/static/1836.php

Sendmail versions 8.8.0 and 8.8.1 are vulnerable to a buffer overflow in the MIME processing code. A remote attacker can overflow a buffer and execute arbitrary commands on the system with root privileges.

Regards,
Sergejs
EML
Advisor

Re: gain 'root' privileges

Does it mean that an attacker can issue:

rm -R * on the / directory

and erase all files?
Cheryl Griffin
Honored Contributor

Re: gain 'root' privileges

No information is being released on the exploit simply so that others do not take advantage of others who are not patched. This was a well coordinated event.

The official word as posted by Berlene & Pete:
--Sendmail Vulnerability Demonstrates New DHS Capabilities (3 March 2003) A vulnerability was reported in Sendmail that allows root access simply by sending a specially crafted email. Action by the Department of Homeland Security and affected vendors led to a coordinated program for patch development, early warning for critical infrastructure industries and government agencies, and broad information dissemination, while maintaining secrecy until the SANS web broadcast features people from sendmail.com, ISS, SourceFire, and the SANS faculty experts answering questions about the vulnerability, what systems are vulnerable, and what can be done to protect Sendmail beyond patching.
"Downtime is a Crime."
Steven E. Protter
Exalted Contributor

Re: gain 'root' privileges

If an attacker gains root privileges via sendmail, they can wipe out your entire system.

rm -rf / is possible.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
U.SivaKumar_2
Honored Contributor

Re: gain 'root' privileges

Hi,

Yes, Yes, Yes

if that vulnerability is exploited for a root compromise.

regards,

U.SivaKumar
Innovations are made when conventions are broken