============================================================================= Virtual Domain Hosting Services provided by The FOURnet Information Network mail webserv@FOUR.net or see http://www.four.net ============================================================================= [8lgm]-Advisory-24.UNIX.CERT.Advisory.CA-95:11.20-9-1995 PROGRAM: sendmail_wrapper.c VULNERABLE VERSIONS: SunOS 4.1.* DESCRIPTION: As a Solution to advisory: [8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995 CERT advises the following. B. Install the sendmail wrapper available from ftp://ftp.cs.berkeley.edu/ucb/sendmail/sendmail_wrapper.c ftp://ftp.auscert.org.au/pub/auscert/tools/sendmail_wrapper.c Checksum: MD5 (sendmail_wrapper.c) = fb53f92b6fc539766cd69e8b08909ba1 This wrapper uses syslog(3) to report potential attacks. However this is performed in an insecure manner, and can be exploited as described in: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 IMPACT: Local users can therefore obtain superuser privileges. FIX: In order to use syslog(3) in a secure manner, strings must be limited in length. Therefore to fix the call to syslog(3) we can do: syslog( LOG_MAIL | LOG_ERR, "Possible SunOS sendmail attack specifying '-%c %.500s' by uid %d\n", argv[ i][ 1], cp, getuid()); STATUS UPDATE: The file: [8lgm]-Advisory-24.UNIX.CERT.Advisory.CA-95:11.20-9-1995.README will be created on www.8lgm.org. This will contain updates on any further versions which are found to be vulnerable, and any other information received pertaining to this advisory. ----------------------------------------------------------------------- FEEDBACK AND CONTACT INFORMATION: majordomo@8lgm.org (Mailing list requests - try 'help' for details) 8lgm@8lgm.org (Everything else) 8LGM FILESERVER: All [8LGM] advisories may be obtained via the [8LGM] fileserver. For details, 'echo help | mail 8lgm-fileserver@8lgm.org' 8LGM WWW SERVER: [8LGM]'s web server can be reached at http://www.8lgm.org. This contains details of all 8LGM advisories and other useful information. ===========================================================================