<Original posting:>
> Last week, CERT sent out an advisory regarding sendmail
> vulnerabilities. I've installed the patch it recommended
> for SunOS 4.1.3, but we are also running SunOS 4.1.4 on some
> of our machines.
>
> Does anyone know if there is a patch available for SunOS 4.1.4?
<Russell Ruby russ@MATH.ORST.EDU:>
A set of new patches fix a sendmail security hole involving the
"-oM" option. The patched vulnerability can allow a user with an
unprivileged account on a system to overwrite system files and thus
gain root access.
We have produced patches for the versions of SunOS shown below.
OS version Patch ID Patch File Name
---------- --------- ---------------
4.1.3 100377-19 100377-19.tar.Z
4.1.3_U1 101665-04 101665-04.tar.Z
4.1.4 102356-01 102356-01.tar.Z
5.3 101739-07 101739-07.tar.Z
5.4 102066-04 102066-04.tar.Z
5.4_x86 102064-04 102064-04.tar.Z
...
2. If you do not have a support contract
Sun also makes its security patches available to customers who do
not have a support contract, via anonymous ftp:
- In the US, from /systems/sun/sun-dist on ftp.uu.net
- In Europe, from ~ftp/sun/fixes on ftp.eu.net
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:18 CDT