
Re: [cobalt-security] Sendmail: If you haven't patched it yet..



On 5 Mar 2003 at 11:45, DNSAdmin wrote:

> You should be shaking in yer boots! You're gonna get hacked!
> 
> http://zdnet.com.com/2100-1105-991041.html
> 
> Hackers' code exploits Sendmail flaw
> 
> A group of four Polish hackers published code to an open security mailing 
> list on Tuesday that can take advantage of a major vulnerability in the 
> Sendmail mail server.
> 
> Sorry; after reading that, I was sure glad I'm patched!

Hi,

The code they released will only work on certain systems:

> Freebsd 4.4        - (default & self compiled Sendmail 8.11.6)  does not crash
> Solaris 8.0 x86    - (default & self compiled Sendmail 8.11.6)  does not crash
> Solaris 8.0 sparc  - (default & self compiled Sendmail 8.11.6)  does not crash
> HP-UX 10.20        - (self compiled Sendmail 8.11.6)            does not crash
> IRIX 6.5.14        - (self compiled Sendmail 8.11.6)            does not crash
> AIX 4.3            - (binary of Sendmail 8.11.3 from bull.de)   does not crash
> RedHat 7.0         - (default Sendmail 8.11.0)                  does not crash
> RedHat 7.2         - (default Sendmail 8.11.6)                  does not crash
> RedHat 7.3 (p)     - (patched Sendmail 8.11.6)                  does not crash
> RedHat 7.0         - (self compiled Sendmail 8.11.6)            crashes
> RedHat 7.2         - (self compiled Sendmail 8.11.6)            crashes
> RedHat 7.3         - (self compiled Sendmail 8.11.6)            crashes
> Slackware 8.0 (p)  - (patched Sendmail 8.11.6 binary)           crashes
> Slackware 8.0      - (self compiled Sendmail 8.12.7)            does not crash
> RedHat 7.x         - (self compiled Sendmail 8.12.7)            does not crash

The ones that say 'crashed' were vulnerable.

They also go on to say:

> IMPACT Due to the nature of the discussed sendmail vulnerability it seems
> that it is unexploitable on most of commercially available UNIX systems. It
> also doesn't seem to be exploitable on most of the default SMTP
> installations of x86 based open-source systems. This leads to the
> conclusion that the overall impact of the vulnerability is rather limited
> and not so significant as it might be thought. 
> 
> However, we cannot exclude that there does not exist another execution
> path in the sendmail code, that could lead to the program counter
> overwrite. 

The code they submitted was for Slackware 8.0.

The original post to Bugtraq (with code) can be found here:

http://www.securityfocus.com/archive/1/313757

Regards


Ian
--