OpenBSD Journal

y Patch 003: smrsh (2 of 3)

Contributed by jose on from the sendmail dept.

In the second of three patches released today, a problem in the sendmail installation has been remedied. Patch 003 resolves an issue in smrsh , the restricted shell used by sendmail to interact with the system. An attacker can leverage this vulnerability to execute code on the mail server. Patch 003 adds additional checks to safeguard against this vulnerability.

Update Josh reminded us that this patch has been applied to 3.1-stable and 3.0-stable . Thank you.

(Comments are closed)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]