Date: Tue, 19 Nov 1996 21:01:17 -0600 (CST) From: "S(pork)" <spork@super-g.com> To: Carey.Nairn@its.utas.edu.au Cc: FreeBSD Questions <questions@freebsd.org> Subject: Re: sendmail security problem Message-ID: <Pine.LNX.3.92.961119205830.1956F-100000@super-g.inch.com> In-Reply-To: <Pine.SOL.3.91.961120094257.4595H-100000@wedge.its.utas.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
I believe that -stable and 2.1.6 are OK at this point, I grabbed /usr/src/usr.sbin/sendmail out and it had the patch against this exploit in it. There was a small problem that made the make break that I remedied by deleting a line, I believe that has been fixed... Here's what you'll see in your logs with the patched version if someone gives it a go: Nov 17 23:35:40 test sendmail[9466]: uid 1000 tried to start daemon mode Nice... Now I know who the sneaky users are... Charles On Wed, 20 Nov 1996, Carey Nairn wrote: > I have just seen a CERT advisory regarding a security problem with > sendmail as follows: > > AUSCERT has received information that sendmail versions 8.7.x to 8.8.2 > (inclusive) contain a serious security vulnerability. > > This vulnerability may allow local users to gain root privileges. > > Exploit details involving this vulnerability have been widely distributed. > > AUSCERT recommends that sites takes the steps outlined in Section 3 > as soon as possible. > - --------------------------------------------------------------------------- > > 1. Description > > A vulnerability exists in all versions of sendmail from 8.7.x to 8.8.2 > that allows local users to gain root privileges. > > A user can invoke sendmail in "daemon" mode by naming it to be "smtpd". > Due to a coding error, this bypasses the usual check that only root > can start the daemon. As of 8.7, sendmail will restart itself when > it gets a SIGHUP signal. By manipulating the environment in which > sendmail is run it is possible to force sendmail into executing an > arbitrary program with root privileges. > > AUSCERT has been informed that sendmail versions prior to 8.8.x are > no longer supported. Sites using older versions of sendmail will need > to upgrade to the current version of sendmail. > > .... > > I guess this means that FreeBSD version prior to 2.1.6 are vulnerable. > My question is what version of sendmail is shipped with 2.1.6 (and 2.2). > > Cheers, > Carey > > ========================================================================= > | Carey Nairn | email : Carey.Nairn@its.utas.edu.au | > | Infrastructure Services | phone : (03) 6226 7419 | > | Information Technology Services | fax : (03) 6226 7898 | > | University of Tasmania. | int'l : (+61 3) | > ========================================================================= > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.92.961119205830.1956F-100000>