September 7, 2001

NetBSD sendmail(8) local root compromise

Author: JT Smith

From "Certain variables were treated as signed values, but
should have been unsigned. Bounds checking was not done
when incrementing an index.

Combined with supplied command-line arguments, a local
user could exploit the setuid-root sendmail binary and the
lack of bounds checking to perform a root compromise."


  • Linux
Click Here!