Home page logo
/

bugtraq logo Bugtraq mailing list archives

[Full-Disclosure] Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities
From: security () caldera com
Date: Thu, 21 Nov 2002 15:35:43 -0800

To: bugtraq () securityfocus com announce () lists caldera com security-alerts () linuxsecurity com full-disclosure () 
lists netsys com

______________________________________________________________________________

                        SCO Security Advisory

Subject:                Linux: sendmail smrsh bypass vulnerabilities 
Advisory number:        CSSA-2002-052.0
Issue date:             2002 November 21
Cross reference:
______________________________________________________________________________


1. Problem Description

        From the iDEFENSE Security Advisory 10.01.02:

        It is possible for an attacker to bypass the restrictions
        imposed by The Sendmail Consortium's Restricted Shell (SMRSH)
        and execute a binary of his choosing by inserting a special
        character sequence into his .forward file. SMRSH is an
        application intended as a replacement for sh for use in
        Sendmail.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to sendmail-8.11.6-11.i386.rpm
                                        prior to sendmail-cf-8.11.6-11.i386.rpm
                                        prior to sendmail-doc-8.11.6-11.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to sendmail-8.11.6-11.i386.rpm
                                        prior to sendmail-cf-8.11.6-11.i386.rpm
                                        prior to sendmail-doc-8.11.6-11.i386.rpm

        OpenLinux 3.1 Server            prior to sendmail-8.11.6-11.i386.rpm
                                        prior to sendmail-cf-8.11.6-11.i386.rpm
                                        prior to sendmail-doc-8.11.6-11.i386.rpm

        OpenLinux 3.1 Workstation       prior to sendmail-8.11.6-11.i386.rpm
                                        prior to sendmail-cf-8.11.6-11.i386.rpm
                                        prior to sendmail-doc-8.11.6-11.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/RPMS

        4.2 Packages

        801885a99b80d0efed1356ecad6768be        sendmail-8.11.6-11.i386.rpm
        fdc3ec861fb77a8d5efd80c711c77dfe        sendmail-cf-8.11.6-11.i386.rpm
        d33bbd8db1d0347a5b03487b2c4e01c8        sendmail-doc-8.11.6-11.i386.rpm

        4.3 Installation

        rpm -Fvh sendmail-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

        4.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/SRPMS

        4.5 Source Packages

        17e678b9e82b3ea5e06b036efec4f4ad        sendmail-8.11.6-11.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.0/RPMS

        5.2 Packages

        b27b55dc5bd43eaad0436859ec7550c3        sendmail-8.11.6-11.i386.rpm
        ecf5c724d092d9d3a6b97f5634325cb5        sendmail-cf-8.11.6-11.i386.rpm
        2c4f99b24b5807d3e4a15b144a7660fa        sendmail-doc-8.11.6-11.i386.rpm

        5.3 Installation

        rpm -Fvh sendmail-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

        5.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.0/SRPMS

        5.5 Source Packages

        c9f0ecff09724880e8a01bbce9cf0364        sendmail-8.11.6-11.src.rpm


6. OpenLinux 3.1 Server

        6.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/RPMS

        6.2 Packages

        9e2dd5db944ef26a1655c61946861449        sendmail-8.11.6-11.i386.rpm
        75e3ace99d3b19a81bf5464768788ba0        sendmail-cf-8.11.6-11.i386.rpm
        8872f76c94f6f23b7aad009053592cbf        sendmail-doc-8.11.6-11.i386.rpm

        6.3 Installation

        rpm -Fvh sendmail-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

        6.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/SRPMS

        6.5 Source Packages

        146c778258b59082f0ee0ba235bfbc7b        sendmail-8.11.6-11.src.rpm


7. OpenLinux 3.1 Workstation

        7.1 Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.0/RPMS

        7.2 Packages

        d267d43ae1a996598d5d4b605ff6ae49        sendmail-8.11.6-11.i386.rpm
        a4dfa76da9d2bb9e6bc5ec96b82a0e02        sendmail-cf-8.11.6-11.i386.rpm
        860b4aa74905e1d9093fb0d121f77dc8        sendmail-doc-8.11.6-11.i386.rpm

        7.3 Installation

        rpm -Fvh sendmail-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
        rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

        7.4 Source Package Location

        ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.0/SRPMS

        7.5 Source Packages

        0dcc6753c98c6b618297dc5c03c22932        sendmail-8.11.6-11.src.rpm


8. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr869922, fz526234,
        erg712134.


9. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


10. Acknowledgements

        zen-parse (zen-parse () gmx net) and Pedram Amini
        (pamini () idefense com) discovered and researched these
        vulnerabilities.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • [Full-Disclosure] Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities security (Nov 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]