Home  Zeffie's Restore CD's


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Secuirty Advisory - Sendmail



Cobalt Networks -- Security Advisory -- 11.24.1999

Problem: 
Sendmail up to the recent 8.9.x versions - allows any user with a shell
access to pass the '-bi' parameter to /usr/sbin/sendmail. This will
result in aliases database rebuild. The alias database is opened in the
following way:

5366 open("/etc/aliases.db", O_RDWR|O_TRUNC) = 6

There's approx 0.1 sec delay due to /etc/aliases.db processing (on many
common systems). Meantime, luser might deliver any signals to the
Sendmail process, like SIGKILL. After that, /etc/aliases.db will be left
in an unusable state (no EOF marker), causing DoS:

220 Marchew ESMTP Mail Service at nimue.ids.pl ready. mail from: myself
451 Cannot open hash database /etc/aliases: Invalid argument rcpt to:
lcamtuf
503 Need MAIL before RCPT

This vulnerability and problem text were produced by Michal Zalewski
<lcamtuf@xxxxxx>

Relevant products and architectures (all languages)
Product         Architecture    	Vulnerable
Qube1		MIPS                    yes
Qube2           MIPS                    yes
RaQ1            MIPS                    yes
RaQ2            MIPS                    yes
RaQ3            x86                     yes

Conflicts:
-RaQ 1- 
After installing the RPM you will need to move /etc/sendmail.cf.rpmsave
to /etc/sendmail.cf and restart sendmail
-Qube1-
See *Note

RPMS:
-RaQ 3-
ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sendmail-8.9.3-C7.i386.rpm
-RaQ 2 Qube 2-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sendmail-8.9.3-C7.mips.rpm
-RaQ 1 Qube 1-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sendmail-8.8.8-1C4.mips.rpm

SRPMS:
-RaQ 3 RaQ 2 Qube 2-
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sendmail-8.9.3-C7.src.rpm
-RaQ 1 Qube 1-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sendmail-8.8.8-1C4.mips.rpm

MD5 sums			Package Name
-------------------------------------------------------------
sendmail-8.9.3-C7.i386.rpm 9b28a5650f77a3d7bbeec2db064c2e82
sendmail-8.9.3-C7.mips.rpm 9a27c638b77d833c41d42bfad7b21b7b
sendmail-8.9.3-C7.src.rpm 3c6ce162b6de3cd072ed3f99e2200d3e
sendmail-8.8.8-1C4.mips.rpm 5590d0a0955fef086e219aa67245aa86
sendmail-8.8.8-1C4.src.rpm 10bb1f7ac3e6b1b817f4b6e4d17504ca

You can verify each rpm using the following command:
rpm --checksig  [package]

To install, use the following command, while logged in as root:
rpm -U [package]

The package file format (pkg) for this fix is currently in testing, and
will be available in the near future.  

Jeff Bilicki
Cobalt Networks


*Note for Qube 1
After installing the RPM you will need to move /etc/sendmail.cf.rpmsave
to /etc/sendmail.cf

If you are installing this sendmail on a Qube 1 you will need to do a
couple of thing before installing the rpm.  After Qube1 we moved all the
rc scripts into initscripts-cobalt, due to the way the rpm was built you
might need to do the following.  (This will be automated when the
package is released) 
1. Type as root:
cp /etc/rc.d/init.d/sendmail /root/sendmail.tmp
2. Install the rpm using: rpm -U sendmail-8.8.8-1C4.mips.rpm
3. Type as root: 
mv /root/sendmail.tmp /etc/rc.d/init.d/sendmail
mv /etc/rc.d/rc0.d/K30sendmail.rpmsave /etc/rc.d/rc0.d/K30sendmail
mv /etc/rc.d/rc1.d/K30sendmail.rpmsave /etc/rc.d/rc1.d/K30sendmail
mv /etc/rc.d/rc2.d/S60sendmail.rpmsave /etc/rc.d/rc2.d/S60sendmail
mv /etc/rc.d/rc3.d/S80sendmail.rpmsave /etc/rc.d/rc3.d/S80sendmail
mv /etc/rc.d/rc5.d/S80sendmail.rpmsave /etc/rc.d/rc5.d/S80sendmail
mv /etc/rc.d/rc6.d/K30sendmail.rpmsave /etc/rc.d/rc6.d/K30sendmail




Sun Cobalt and other Linux administration by Zeffie
A Sun Cobalt and Linux Specialist Since 1999
Sun Cobalt Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of Sun Cobalt Updates!
Sun Cobalt Spam Filter, Security, Firewall, Anti Virus Products.
734-454-9117 US Toll Free 800-231-4459

Zeffie's Sun Cobalt Restore CD's  

Click here to buy me a drink at the local pub!
(includes tip and paypal fees)

Copyright 2009 by Electronic Consultants Inc.