Date: Wed, 10 Oct 2001 09:05:48 -0600
From: Support Info firstname.lastname@example.org
Subject: Security Update: [CSSA-2001-34.0] Linux: sendmail queue run
Caldera International, Inc. Security Advisory
Subject: Linux - sendmail queue run privilege problem
Advisory number: CSSA-2001-034.0
Issue date: 2001, October 05
1. Problem Description
There is a permission problem in the default setup of sendmail in all
OpenLinux versions, which allows a local attacker to cause a denial
of service attack effectively stopping delivery of all mails from
the current system.
This vulnerability also allows a local attacker to read the full headers
of all mails in the mail queue.
2. Vulnerable Versions
All sendmail versions on currently supported OpenLinux product are
There are no fixed packages available.
OpenLinux 2.3, OpenLinux eServer 2.3.1 and OpenLinux eDesktop 2.4:
In /etc/sendmail.cf, change the line:
OpenLinux Workstation and Server 3.1:
In /etc/mail/sendmail.cf, change the line:
This and other Caldera security resources are located at:
This security fix closes Caldera's internal Problem Report 10576.
Caldera International, Inc. is not responsible for the misuse of
any of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera OpenLinux.
Caldera International wishes to thank Michal Zalewski for pointing out
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.