[8LGM]. [8lgm]-advisory-16.unix.sendmail-6-dec-1994. http://www.8lgm.org/advisories.html.
....intrusion with identical or nearly identical results; where runs differed significantly, we report a range of values. To date, we have collected data on five successful intrusions, three of them for sendmail, one for lpr [3] and one for ftpd [5]. The three sendmail intrusions were: sunsendmailcp [1], syslogd [2, 6] and a decode alias intrusion. These intrusions are described in the appendix. Most of the successful intrusions are clearly detected, with $\hat{S}_A$ values of 0.5 to 0.7. The exception to this is the decode intrusion, which, on the low end of the range, generates only 7 mismatches and a ....
[8LGM]. [8lgm]-advisory-16.unix.sendmail-6-dec-1994. http://www.8lgm.org/advisories.html.
....we could adopt a reactive philosophy, recognizing individual weaknesses as each appears and engineering security patches one at a time. Historically, this has been a losing battle, at least for large applications: for instance, explore the sad tale of the sendmail bug of the month [1, 2, 3, 4, 13, 14, 15, 16, 17, 18, 19, 21]. In any event, attempts to build security directly into untrusted applications would require each program to be considered separately, which is not an easy approach to get right on short notice. For now, we are stuck with many useful programs that offer only minimal assurances of security; therefore what we ....
....design time. Because of these factors, large numbers of security vulnerabilities have been found in sendmail over the years, and the Unix community has been forced into a plug-and-patch methodology, where implementors end up fixing bugs one at a time as they appear. This has been a losing battle [1, 2, 3, 4, 13, 14, 15, 16, 17, 18, 19, 21]. Eric Allman (sendmail's creator) has worked extremely hard to make the best of this unpalatable situation, but this is a fundamentally difficult task. In short, the history of sendmail is checkered with serious security problems. Because sendmail handles email that could potentially come from ....
[8lgm]-Advisory-16.UNIX.sendmail-6-Dec-1994, December 1994.
....security patches one at a time. Historically, this has been a losing battle, at least for large applications: for instance, explore the sad tale of the sendmail bug of the month [1, 2, 3, 4, 8, 9, 10, 11, 12, 13, 14, 16]. In any event, attempts to build security directly into the many helper applications would require each program to be considered separately, which is not an easy approach to get right. For now, we are stuck with many useful programs which offer only minimal assurances of security; therefore what we ....
(Footnote 2: For instance, ghostscript is more than 60,000 lines of C; and mpeg_play is more than 20,000 lines long.)
[8lgm]-Advisory-16.UNIX.sendmail-6-Dec-1994, December 1994.
....for lpr. Table 3 shows the results of these comparisons. Each row in the table reports data for one typical trace. In most cases, we have conducted multiple runs of the intrusion with identical or nearly identical results. To date, we have been able to execute and trace four attacks: sunsendmailcp [1], a syslog attack script [2, 7], a decode alias attack, and lprcp [3]. The sunsendmailcp script uses a special command line option to cause sendmail to append an email message to a file. By using this script on a file such as .rhosts, a local user may obtain root access. The syslog attack uses ....
[8LGM]. [8lgm]-advisory-16.unix.sendmail-6-dec-1994. http://www.8lgm.org/advisories.html.
....range of values. To date, we have collected data on five successful intrusions, three of them for sendmail, one for lpr [4] and one for ftpd [8]. The three sendmail intrusions were: sunsendmailcp [2], syslogd [3, 7] and a decode alias intrusion. These intrusions are described in the appendix. Most of the successful intrusions are clearly detected, with $\hat{S}_A$ values of 0.5 to 0.7. The exception to this is the decode intrusion, which, on the low end of the range, generates only 7 ....
8LGM. [8lgm]-advisory-16.unix.sendmail-6-dec-1994. http://www.8lgm.org/advisories.html, December 1994.