===========================================================================
          [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995
 
PROGRAM:
 
        sendmail(8)
 
VULNERABLE VERSIONS:
 
        SunOS 4.1.*
 
DESCRIPTION:
 
        The -oR option uses popen() to return undeliverable mail.
 
IMPACT:
 
        Local users can obtain root access.
 
REPEAT BY:
 
        A program to exploit this vulnerability is available as of now.
        This program has been tested with the latest Sun patch.  To obtain
        this program, send mail to 8lgm-fileserver@8lgm.org, with a line
        in the body of the message containing:-
 
        SEND ropt
 
DISCUSSION:
 
        Using popen() in setuid programs is bad practice.
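
        Added example, not part of the original advisory and not 8lgm's or
        the vendor's code: popen() hands its command string to /bin/sh -c
        and passes the caller's environment through, so a setuid program
        should start its helper directly instead.  The function name
        pipe_to_program, the fixed PATH value and the use of /bin/cat in
        main() are assumptions made for illustration.

```c
/* Added example (not from the advisory): shell-free stand-in for popen(cmd, "w"). */
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write len bytes of data to the stdin of the program at absolute path.
 * Returns the child's exit status, or -1 on error. Name is hypothetical. */
int pipe_to_program(const char *path, char *const argv[],
                    const char *data, size_t len)
{
    /* Fixed environment: the caller's PATH, IFS, etc. never reach the child. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int fds[2], status;
    pid_t pid;
    /* Absolute path only, so no PATH search can pick the binary. */
    if (path == NULL || path[0] != '/' || pipe(fds) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: give up setuid/setgid privilege before exec, group first. */
        if (setgid(getgid()) < 0 || setuid(getuid()) < 0 ||
            dup2(fds[0], STDIN_FILENO) < 0)
            _exit(127);
        close(fds[1]);
        execve(path, argv, clean_env);   /* direct exec, no /bin/sh -c */
        _exit(127);
    }
    close(fds[0]);
    signal(SIGPIPE, SIG_IGN);   /* a child exiting early must not kill the parent */
    while (len > 0) {
        ssize_t n = write(fds[1], data, len);
        if (n <= 0) break;
        data += n; len -= (size_t)n;
    }
    close(fds[1]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    char *const argv[] = { "cat", NULL };
    static const char msg[] = "constructed bounce text\n";
    return pipe_to_program("/bin/cat", argv, msg, sizeof msg - 1) ? EXIT_FAILURE : EXIT_SUCCESS;
}
```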
 
FIX:
 
        Contact vendor for fix.
 
STATUS UPDATE:
 
        The file:
 
        [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995.README
 
        will be created on www.8lgm.org.  This will contain updates on 
        any further versions which are found to be vulnerable, and any
        other information received pertaining to this advisory.
 
-----------------------------------------------------------------------
 
FEEDBACK AND CONTACT INFORMATION:
 
        majordomo@8lgm.org      (Mailing list requests - try 'help'
                                 for details)
 
        8lgm@8lgm.org           (Everything else)
 
8LGM FILESERVER:
 
        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver@8lgm.org'
 
8LGM WWW SERVER:
 
        [8LGM]'s web server can be reached at http://www.8lgm.org.
        This contains details of all 8LGM advisories and other useful
        information.
===========================================================================