lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20021121153543.Q18657@caldera.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities

To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: sendmail smrsh bypass vulnerabilities 
Advisory number: 	CSSA-2002-052.0
Issue date: 		2002 November 21
Cross reference:
______________________________________________________________________________


1. Problem Description

	From the iDEFENSE Security Advisory 10.01.02:

	It is possible for an attacker to bypass the restrictions
	imposed by The Sendmail Consortium's Restricted Shell (SMRSH)
	and execute a binary of his choosing by inserting a special
	character sequence into his .forward file. SMRSH is an
	application intended as a replacement for sh for use in
	Sendmail.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-11.i386.rpm
					prior to sendmail-cf-8.11.6-11.i386.rpm
					prior to sendmail-doc-8.11.6-11.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-11.i386.rpm
					prior to sendmail-cf-8.11.6-11.i386.rpm
					prior to sendmail-doc-8.11.6-11.i386.rpm

	OpenLinux 3.1 Server		prior to sendmail-8.11.6-11.i386.rpm
					prior to sendmail-cf-8.11.6-11.i386.rpm
					prior to sendmail-doc-8.11.6-11.i386.rpm

	OpenLinux 3.1 Workstation	prior to sendmail-8.11.6-11.i386.rpm
					prior to sendmail-cf-8.11.6-11.i386.rpm
					prior to sendmail-doc-8.11.6-11.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/RPMS

	4.2 Packages

	801885a99b80d0efed1356ecad6768be	sendmail-8.11.6-11.i386.rpm
	fdc3ec861fb77a8d5efd80c711c77dfe	sendmail-cf-8.11.6-11.i386.rpm
	d33bbd8db1d0347a5b03487b2c4e01c8	sendmail-doc-8.11.6-11.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/SRPMS

	4.5 Source Packages

	17e678b9e82b3ea5e06b036efec4f4ad	sendmail-8.11.6-11.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.0/RPMS

	5.2 Packages

	b27b55dc5bd43eaad0436859ec7550c3	sendmail-8.11.6-11.i386.rpm
	ecf5c724d092d9d3a6b97f5634325cb5	sendmail-cf-8.11.6-11.i386.rpm
	2c4f99b24b5807d3e4a15b144a7660fa	sendmail-doc-8.11.6-11.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.0/SRPMS

	5.5 Source Packages

	c9f0ecff09724880e8a01bbce9cf0364	sendmail-8.11.6-11.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/RPMS

	6.2 Packages

	9e2dd5db944ef26a1655c61946861449	sendmail-8.11.6-11.i386.rpm
	75e3ace99d3b19a81bf5464768788ba0	sendmail-cf-8.11.6-11.i386.rpm
	8872f76c94f6f23b7aad009053592cbf	sendmail-doc-8.11.6-11.i386.rpm

	6.3 Installation

	rpm -Fvh sendmail-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/SRPMS

	6.5 Source Packages

	146c778258b59082f0ee0ba235bfbc7b	sendmail-8.11.6-11.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.0/RPMS

	7.2 Packages

	d267d43ae1a996598d5d4b605ff6ae49	sendmail-8.11.6-11.i386.rpm
	a4dfa76da9d2bb9e6bc5ec96b82a0e02	sendmail-cf-8.11.6-11.i386.rpm
	860b4aa74905e1d9093fb0d121f77dc8	sendmail-doc-8.11.6-11.i386.rpm

	7.3 Installation

	rpm -Fvh sendmail-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.0/SRPMS

	7.5 Source Packages

	0dcc6753c98c6b618297dc5c03c22932	sendmail-8.11.6-11.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr869922, fz526234,
	erg712134.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	zen-parse (zen-parse@....net) and Pedram Amini
	(pamini@...fense.com) discovered and researched these
	vulnerabilities.

______________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 237 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021121/8c0683e7/attachment-0001.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ