-----BEGIN PGP SIGNED MESSAGE-----

===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Nico de Koo                                 Index  :    S-96-54
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : Sendmail Vulnerabilities                    Date   :  20-Sep-96
===============================================================================

By courtesy of CERT Coordination Center we received the following information.

CERT Coordination Center advisory CA-96:20 reports two security problems in
sendmail that affect all versions up to and including 8.7.5. By exploiting
the first of these vulnerabilities, users who have local accounts can gain
access to the default user, which is often daemon. By exploiting the second
vulnerability, any local user can gain root access.

This advisory provides upgrade and patch information of a range of vendors.

CERT-NL recommends installing vendor patches or upgrading to the
current version of sendmail (8.7.6).

Additional information with regards to this vulnerability is placed in
that advisory. You are encouraged to check updates regularly. You can automate
that process by using the CERT-NL notifier service.

All CERT Coordination Center advisories and README's are mirrored by CERT-NL.
The specific URL's for this case are:

> ftp://ftp.surfnet.nl/surfnet/net-security/cert-cc-mirror/cert_advisories/CA-96.20.sendmail_vul

More information about the CERT-NL mirror and notifier services is
contained in News items N-95-01 (notifier) and N-95-02 (CERT mirror),
both present on ftp://ftp.surfnet.nl/surfnet/net-security/cert-nl/docs/news/

==============================================================================

CERT-NL is the Computer Emergency Response Team for SURFnet customers.
SURFnet is the Dutch network for educational, research and related institutes.
CERT-NL is a member of the Forum of Incident Response and Security Teams
(FIRST).

All CERT-NL material is available under:
  http://www.surfnet.nl/surfnet/security/cert-nl.html
  ftp://ftp.surfnet.nl/surfnet/net-security

In case of computer or network security problems please contact your
local CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet
customer please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
   Email:     cert-nl@surfnet.nl
   Phone:     +31 302 305 305
   Fax:       +31 302 305 329
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands
   A 7 * 24 hours phone number is available to SURFnet SSC's and FIRST
   members on request.
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMkK63WL2fnkJN/jpAQHraQP+NYHVlImbyoIroK4+9pnNtWIYw/S0Q/2p
x7TRX2q7uof3VBlT8ZD/+uhudFzXT7n9sg1xe1S188Tnb30X2DXjLYZ9MABmsiMH
nQQ4O60rSus5r0ebLZCo5dTf4un1OWURB0yySQcFLdlE+dAhsfoQS0uPm0ipk7zD
DyQE/XQ1ET8=
=5Xf5
-----END PGP SIGNATURE-----