From owner-freebsd-security Sun Nov 17 09:02:58 1996
From: Wolfgang Ley
Message-Id: <199611171700.SAA13765@tiger.cert.dfn.de>
Subject: Re: New sendmail bug...
To: pgiffuni@fps.biblos.unal.edu.co
Date: Sun, 17 Nov 1996 18:00:54 +0100 (MET)
Cc: spork@super-g.com, freebsd-security@freebsd.org, release@freebsd.org
In-Reply-To: <328F623D.10A4@ingenieria.ingsala.unal.edu.co> from "Pedro Giffuni S." at Nov 17, 96 11:06:37 am
Organization: DFN-CERT (Computer Emergency Response Team, Germany)
Sender: owner-security@freebsd.org

Pedro Giffuni S. wrote:
>
> S(pork) wrote:
> >
> > It's nasty and easy... If you're on Bugtraq, you saw it. If anyone with
> > more knowledge on this issue can check it out, please post to the list so
> > everyone can free themselves of this vulnerability. Root in under 15
> > seconds with an account on the machine. If you need the 'sploit, please
> > mail me here and I'll send it to you. I verified it on FBSD, NetBSD,
> > Linux so far...
> >
> > TIA
> >
> > Charles
> After reading the latest CERT (which is rather old!), I installed smrsh
> on all my boxes and changed the uid to an anonymous mail user with no
> shell, as suggested. Does this cover it? Do the new releases install
> smrsh by default?

The latest CERT Advisory on sendmail is from September, 18th (last revised
September, 21st) CA-96:20 and discusses a problem in sendmail 8.7.x.
ftp://ftp.cert.dfn.de/pub/csir/cert/cert_advisories/CA-96.20.sendmail_vul

The last sendmail Advisory is the Auscert Advisory AA-96:06a regarding
a security problem in sendmail 8.8.0 and 8.8.1 and is dated October 18th
(last revised October 20th). Not that old, is it?
ftp://ftp.cert.dfn.de/pub/csir/auscert/auscert-advisory/
	AA-96.06a.sendmail.8.8.0-8.8.1.Vulnerability

The current problem applies at least to sendmail 8.7 - 8.8.2 (incl.).
An 8.8.3 version is currently being tested and will fix the problem.

Using "smrsh" is a good idea, but won't fix the current problem.

> My mail under 8.8.0 is being read and manipulated by someone outside,
> but this probably doesn't have a solution does it?

8.8.0 has security problems which are even exploitable from the remote.
The current 8.8.2 problem can be exploited by local users only.

Bye,
  Wolfgang.
--
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
Email: ley@cert.dfn.de   Phone: +49 40 5494-2262   Fax: +49 40 5494-2241
PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via
WWW from http://www.cert.dfn.de/~ley/   ...have a nice day