From owner-freebsd-questions  Tue Nov 19 14:49:52 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA12365
          for questions-outgoing; Tue, 19 Nov 1996 14:49:52 -0800 (PST)
Received: from wedge.its.utas.edu.au (cp_nairn@wedge.its.utas.edu.au [131.217.10.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA12360
          for <questions@freebsd.org>; Tue, 19 Nov 1996 14:49:46 -0800 (PST)
Received: (from cp_nairn@localhost) by wedge.its.utas.edu.au (8.8.3/8.6.6) id JAA04810; Wed, 20 Nov 1996 09:49:41 +1100 (EST)
Date: Wed, 20 Nov 1996 09:49:40 +1100 (EST)
From: Carey Nairn <cp_nairn@cc.utas.edu.au>
X-Sender: cp_nairn@wedge.its.utas.edu.au
Reply-To: Carey.Nairn@its.utas.edu.au
To: FreeBSD Questions <questions@freebsd.org>
Subject: sendmail security problem
Message-ID: <Pine.SOL.3.91.961120094257.4595H-100000@wedge.its.utas.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I have just seen a CERT advisory regarding a security problem with 
sendmail as follows:

AUSCERT has received information that sendmail versions 8.7.x to 8.8.2
(inclusive) contain a serious security vulnerability.
 
This vulnerability may allow local users to gain root privileges.
 
Exploit details involving this vulnerability have been widely distributed.
 
AUSCERT recommends that sites takes the steps outlined in Section 3
as soon as possible.
- ---------------------------------------------------------------------------
 
1.  Description
 
    A vulnerability exists in all versions of sendmail from 8.7.x to 8.8.2
    that allows local users to gain root privileges.
 
    A user can invoke sendmail in "daemon" mode by naming it to be "smtpd".
    Due to a coding error, this bypasses the usual check that only root
    can start the daemon.  As of 8.7, sendmail will restart itself when
    it gets a SIGHUP signal.  By manipulating the environment in which
    sendmail is run it is possible to force sendmail into executing an
    arbitrary program with root privileges.
 
    AUSCERT has been informed that sendmail versions prior to 8.8.x are
    no longer supported.  Sites using older versions of sendmail will need
    to upgrade to the current version of sendmail.
 
....

I guess this means that FreeBSD version prior to 2.1.6 are vulnerable.  
My question is what version of sendmail is shipped with 2.1.6 (and 2.2).

Cheers,
Carey

=========================================================================     
| Carey Nairn                     | email : Carey.Nairn@its.utas.edu.au |
| Infrastructure Services         | phone : (03) 6226 7419              |
| Information Technology Services | fax   : (03) 6226 7898              |
| University of Tasmania.         | int'l : (+61 3)                     |
=========================================================================