Pyramid's sendmail
Carl S. Gutekunst
csg at pyramid.pyramid.com
Sun Nov 27 13:43:11 AEST 1988
In article <788 at tness1.UUCP> mechjgh at tness1.UUCP (Greg Hackney 214+464-2771) writes:
>I called RTOC, who said a tape would be sent in a couple of days.
Yeah, Scott keys pulling Seshadri's chain, and he keeps pulling mine. If we
didn't keep finding more security holes, the PTF would have been done sooner.
The final PTF includes security fixes for FTP, Sendmail, and UUCP. The fixes
for UUCP will be posted to the net, as well. There's some much worse security
holes here than what the Internet Worm exploited.
If you are running Basic Networking Utilities aka HoneyDanBer UUCP, you should
also call RTOC and ask for a fix for Peter's "hdbworm" hole. This will be in a
separate PTF, so the first one doesn't get held up. (There aren't that many of
you out there running HoneyDanBer anyway, near as I can tell.)
>Meanwhile, the adb fix does not work on my OSx4.1 system, but I was able to
>edit the binary with GNU Emacs, and changed the characters "debug" and "wiz"
>to nulls.
See Romain's fix. Actually, the "wiz" command is not a problem in Pyramid's
sendmail. Try telnet'ing to the sendmail socket, type "wiz", and see what
happens. :-) I didn't do it that way, Eric Allman did; but I didn't feel like
ripping it out, either.
<csg>
More information about the Comp.sys.pyramid
mailing list