---

TurboLinux: Retraction of Impact Statement in Sendmail Security Advisory

From:   TurboLinux Security Team <security@www1.turbolinux.com>
Subject:        [TL-Security-Announce] Retraction of Impact Statement in Sendmail Security Advisory: TLSA2001003-1
Date:   11 May 2001 19:01:52 -0700
 
We would like to make a correction in regard to a statement
made in the security advisory that was posted on February 22 for the
package "sendmail-8.11.2-5".  In the advisory, it is stated
that "A user can gain root access privileges."  This is NOT the
case.

The -bt index bug is NOT exploitable, and therefore, has no security
impact.  Special thanks to Kris Kenneway for pointing this out.  For more
information on this issue, please review the following URL:

http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Ftid%3D138299%26threads%3D1%26end%3D2000-10-14%26list%3D1%26start%3D2000-10-08%26

The package sendmail-8.11.2-5 will remain available on our ftp site as it
does contain the fixes to prevent the -bt index bug.

Turbolinux is committed to developing quality products with a strong
emphasis on security.

Thank you.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis