lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <23309.1046819667@euclid.cs.niu.edu>
Date: Tue, 04 Mar 2003 17:14:27 -0600
From: Neil W Rickert <rickert+bt@...niu.edu>
To: bugtraq@...urityfocus.com
Subject: Re: sendmail 8.12.8 available


"Mordechai T. Abzug" <morty@...kir.org> wrote:

>Question: are the header and ident issues *only* remote overflow
>problems, or is this also a local vulnerability?  Ie. if one has a
>system that doesn't run sendmail in daemon mode (-bd), but does make
>sendmail available as an SUID root binary for submission to the local
>smarthost and does run sendmail is queue-process mode (ie. -q15m), is
>the system still vulnerable?  Given that the problem is in the header
>parsing, I would expect this to be both a remote and a local problem,
>but I'd like to make sure before doing lots of upgrades.

I don't think there has been a comment on this yet.

Sendmail will only use "ident" when receiving mail on a network
connection.  There is no local exploit available there if sendmail is
not listening on the net.  Possibly a local user could invoke
"sendmail -bs" with stdin/stdout assigned to a connected socket.  In
that case there might be an ident call.

For the header problem, any buffer overflow would occur while sending
the message, not while receiving it.  Whether the message originated
locally or over the network will matter.  Thus there is a potential
problem for local exploits with an SUID sendmail binary.

In particular, if you have old sendmail binaries left around that you
haven't deleted, you should at least turn off any SUID and SGID
privileges.  Incidently that's a good practice for old disused
versions of any program.

 -NWR




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ