[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 5 Mar 2003 12:22:03 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wednesday, March 5, 2003, at 09:29 AM, Jay Summers wrote:
Here's cut and paste instructions. I provide no warranty, use at your
own risk, YMMV, yada, yada, yada.
SSH into your server.
# su -
# enter admin password
[root root]# cd /home
[root home]# wget http://www.knet.at/~hk/raq2/sendmail
[root home]# mv sendmail /usr/sbin/sendmail.new
[root home]# cd /usr/sbin
[root sbin]# cp sendmail sendmail.orig
[root sbin]# chgrp mail sendmail.new
[root sbin]# chmod 555 sendmail.new
[root sbin]# chmod u+s sendmail.new
Check permissions on the new sendmail.
[root sbin]# ls -la sendmail*
-r-sr-xr-x 1 root mail 530172 Mar 4 09:19 sendmail
-r-sr-xr-x 1 root root 737374 Mar 4 09:17 sendmail.new
-r-sr-xr-x 1 root root 737374 Mar 4 09:17 sendmail.orig
[root sbin]# mv sendmail.new sendmail
Forgot one _very_ important step. The new binary that Harald provided
expects the sendmail.cf file to be located in /etc/mail. So you'll have
to create a symbolic link before you restart sendmail below.
[root sbin]# ln -s /etc/sendmail.cf /etc/mail/sendmail.cf
[root sbin]# /etc/rc.d/init.d/sendmail stop
[root sbin]# /etc/rc.d/init.d/sendmail start
-> check yourself by telnetting to it on port 25
eg.
telnet localhost 25
(then type "quit")
It will tell you what version of sendmail is running.
Sorry folks, I hope this clears things up.
-j