home *** CD-ROM | disk | FTP | other *** search
- ------------------------------------------------------------------------
- NeXT SECURITY BULLETIN: NeXT-94:001-sendmail, 16 February 94
- ------------------------------------------------------------------------
-
- PROBLEM:
- A security vulnerability has been identified in all versions of
- NEXTSTEP up to and including Release 3.2. This vulnerability,
- described in CERT advisories CA-93:16 and CA-93:16a, may allow
- unauthorized remote or authorized local users to gain unauthorized
- privileges. All sendmail recipient machines within a domain could
- potentially be vulnerable.
-
- SOLUTION:
- NeXT has corrected this vulnerability and provided a patch containing
- new binaries for both NeXT and Intel-based computers running NEXTSTEP
- Release 3.1 or Release 3.2.
-
- DETAILS:
- This patch is available via anonymous FTP from FTP.NEXT.COM in the
- directory "/pub/NeXTanswers/Files/Patches/SendmailPatch.23950.1".
-
- Filename Checksum
- --------------------------------- ---------
- 1513_SendmailPatch.ReadMe.rtf 63963 4
- 1514_SendmailPatch.pkg.compressed 02962 290
-
- This patch is also available via electronic mail by sending a message
- to NeXTanswers@NeXT.com with a subject line of "1513 1514". The two
- files noted above will be returned as NeXTmail attachments.
-
- This patch is for NEXTSTEP 3.1 and NEXTSTEP 3.2. Instructions for
- installing this patch are included in the ReadMe file.
-
- Note: At the present time, NeXT has no plans to make a patch available
- for releases of NEXTSTEP prior to Release 3.1.
-
- COMMENTS:
- NeXT recommends that all customers concerned with the security of
- their NEXTSTEP systems either apply the patch or edit the sendmail
- configuration files as soon as possible.
-
- Questions about this patch should be directed to NeXT's Technical
- Support Hotline at 1-800-848-NeXT (+1-415-424-8500 if outside the
- U.S.) or via email to ask_next@NeXT.com.
-
