Description
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Affected products
- bsdi / bsd_os2.1 – 2.1
- eric_allman / sendmail8.8 – 8.8
- eric_allman / sendmail8.8.1 – 8.8.1
- eric_allman / sendmail8.8.2 – 8.8.2
- eric_allman / sendmail8.8.3 – 8.8.3
- FreeBSD / FreeBSD2.1.6 – 2.1.6
- FreeBSD / FreeBSD2.1.5 – 2.1.5
- FreeBSD / FreeBSD2.1.6.1 – 2.1.6.1
- HP / hp-ux10.00 – 10.00
- HP / hp-ux10.01 – 10.01
- HP / hp-ux10.10 – 10.10
- HP / hp-ux10.16 – 10.16
- HP / hp-ux10.20 – 10.20
- ibm / aix4.1 – 4.1
- ibm / aix3.2 – 3.2
- ibm / aix4.2 – 4.2
- sco / internet_faststart1.0 – 1.0
- sco / internet_faststart1.1 – 1.1
- sco / openserver5.0 – 5.0
- sco / openserver5.0.2 – 5.0.2
- sun / solaris2.4 – 2.4
- sun / solaris2.5 – 2.5
- sun / solaris2.5.1 – 2.5.1
- sun / sunos4.1.3u1 – 4.1.3u1
- sun / sunos4.1.4 – 4.1.4
- sun / sunos5.3 – 5.3
- sun / sunos5.4 – 5.4
- sun / sunos5.5 – 5.5
- sun / sunos5.5.1 – 5.5.1
References
- VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-1996-25.html