SA-1996.06.txt
bd44f4cf29e01ef4bfb4b58df2c5adb139cf2f6a0972ce0a86ad71a57d200b5c
Subject: Caldera Security Advisory 96.06: Vulnerability in sendmail
Caldera Security Advisory SA-96.06
Original issue date: November 18th, 1996
Last revised: November 21st, 1996
Topic: Vulnerability in sendmail
I. Problem Description
The sendmail program is the default MTA (Mail Transport Agent)
for the Caldera Network Desktop. To gain access to resources it
needs, the sendmail program is installed as set-user-id root.
A vulnerability in sendmail makes it possible start a program
such as a shell that has root permissions on the local machine.
Exploit programs for sendmail are known to exist for Linux
systems on x86 hardware. This problem likely exists for other
Unix-like operating systems.
II. Impact
On systems such as CND 1.0, an unprivileged user can obtain root
access. A shell account on the local machine is needed to
exploit this vulnerability. This particular vulnerability
is not known to be exploitable by a remote user.
III. Solution
Install a version of sendmail with the patch that prevents this
vulnerability.
/etc/rc.d/init.d/sendmail.init stop
ncftp ftp://ftp.caldera.com/pub/cnd-1.0/updates/sendmail-8.7.1-2c1.i386.rpm
rpm -Uvh sendmail-8.7.1-2c1.i386.rpm
/etc/rc.d/init.d/sendmail.init start
If local changes to /etc/aliases have been made, they will be
save in /etc/aliases.orig and will need to be re-installed.
This particular version is same version as shipped with CND 1.0 but
with the security patch applied. (Newer versions of sendmail have
been released by its author.)
MD5 signatures of these packages (using the "md5sum" command):
5471b0370e873b31c387dfdafbb02867 sendmail-8.7.1-2c1.i386.rpm
e92cdeb8d75ea96f17ee04a1671e3c57 sendmail-8.7.1-2c1.src.rpm
IV. References
This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/cnd-1.0/security/
Other sendmail related information can be found at:
http://www.sendmail.org/
and in the Usenet newsgroup
comp.mail.sendmail
The CERT advisory on this problem is located at:
ftp://info.cert.org/pub/cert_advisories/CA-96.24.sendmail.daemon.mode