Bugtraq mailing list archives
Sun Security Bulletin #129 (sendmail)
From: Mark.Graff () Eng Sun COM ( Mark Graff )
Date: Wed, 22 Feb 1995 17:00:31 -0800
Folks,
Here is the Sun companion bulletin to CERT CA-95:05.
Send inquiries to security-alert () sun com, please, not to me directly.
Thanks.
-mg-
-----------------------------------------------------------------------------
SUN MICROSYSTEMS SECURITY BULLETIN: #00129, 22 February 1995
-----------------------------------------------------------------------------
BULLETIN TOPICS
In this bulletin Sun summarizes the availability of new security
patches for SunOS 4.1.x systems and 5.x (Solaris 2.x) systems.
These patches, which are the same as those announced today in CERT
advisory CA-95:05, supply fixes to all sendmail security bugs known
to us.
Not all of the bugs discussed in the CERT advisory are present in Sun
software.
I. Announcement of patches for SunOS-wide "sendmail" vulnerability
II. Checksum Table
APPENDICES
A. How to obtain Sun security patches
B. How to report or inquire about Sun security problems
C. How to obtain Sun security bulletins
/\ Send Replies or Inquiries To:
\\ \
\ \\ / Mark Graff
/ \/ / / Sun Security Coordinator
/ / \//\ MS MPK3
\//\ / / 2550 Garcia Avenue
/ / /\ / Mountain View, CA 94043-1100
/ \\ \ Phone: 415-688-9081
\ \\ Fax: 415-688-9101
\/ E-mail: security-alert () Sun COM
-----------
Permission is granted for the redistribution of this Bulletin for
the purpose of alerting Sun customers to problems, as long as the
Bulletin is not edited and is attributed to Sun Microsystems.
Any other use of this information without the express written consent
of Sun Microsystems is prohibited. Sun Microsystems expressly disclaims
all liability for any misuse of this information by any third party.
-----------------------------------------------------------------------------
SUN MICROSYSTEMS SECURITY BULLETIN: #00129, 22 February 1995
-----------------------------------------------------------------------------
I. Announcement of patches for SunOS-wide "sendmail" vulnerability
A. Patch list
A set of new patches fix a sendmail security hole involving the
"-oM" option. The patched vulnerability can allow a user with an
unprivileged account on a system to overwrite system files and thus
gain root access.
We have produced patches for the versions of SunOS shown below.
OS version Patch ID Patch File Name
---------- --------- ---------------
4.1.3 100377-19 100377-19.tar.Z
4.1.3_U1 101665-04 101665-04.tar.Z
4.1.4 102356-01 102356-01.tar.Z
5.3 101739-07 101739-07.tar.Z
5.4 102066-04 102066-04.tar.Z
5.4_x86 102064-04 102064-04.tar.Z
Patches have also been created for Sun's Trusted Solaris and
Interactive Unix products. To obtain either, contact your Sun
representative.
B. Patch notes
1. The last security-related patches for sendmail were announced 21
July 1994. Sendmail patch revisions released since that time have
not been related to security.
2. Patches are available for all supported Sun architectures. Note
that this does not include the sun3 platform, which is no longer
supported, nor any version of the operating system prior to 4.1.3.
3. The 4.1.3 version of the patch is also applicable to 4.1.3C
systems.
4. The patch listed for 4.1.3_U1 (Solaris 1.1.1) applies to both
the A and B versions. This is currently true for all U1 patches.
5. Some previous SunOS 5.x sendmail patches were bundled into the
jumbo kernel patch during 1994. That decision proved to be a
mistake, and was reversed. The patches listed concern only
sendmail.
6. The only bug mentioned explicitly in the CERT advisory concerns
IDENT (RFC 1413) functionality. Sun does not support that feature,
and that bug is absent from all Sun software.
II. Checksum Table
In the checksum table we show the BSD and SVR4 checksums and MD5
digital signatures for the compressed tar archives.
File BSD SVR4 MD5
Name Checksum Checksum Digital Signature
--------------- ----------- ---------- --------------------------------
100377-19.tar.Z 01093 212 22539 423 8CE1C1E04B8A640F2B90EAE1AA813351
101665-04.tar.Z 28743 213 48403 426 EA5E76D0B1A43756E58AEA18AB6D7BCC
101739-07.tar.Z 30088 214 60567 428 CF85226BAF145D6B1BD457E189E771BE
102064-04.tar.Z 33127 188 30212 375 276F05037CA1A72D1D2019A98C241327
102066-04.tar.Z 13253 214 47552 428 AE190B5CAD8E0CFA8DE7DD059E4A7E71
102356-01.tar.Z 53116 203 58382 406 B23AC4EFDC8D82B6528E46E27717EBD8
The checksums shown above are from the BSD-based checksum
(on 4.1.x, /bin/sum; on Solaris 2.x, /usr/ucb/sum) and from
the SVR4 version on Solaris 2.x (/usr/bin/sum).
APPENDICES
A. How to obtain Sun security patches
1. If you have a support contract
Customers with Sun support contracts can obtain the patches listed
here--and all other Sun security patches--from:
- Local Sun answer centers, worldwide
- SunSolve Online, and SunSITEs worldwide
The patches are available via World Wide Web at http://sunsolve1.sun.com.
You should also contact your answer center if you have a support
contract and:
- You need assistance in installing a patch
- You need additional patches
- You want an existing patch ported to another platform
- You believe you have encountered a bug in a Sun patch
- You want to know if a patch exists, or when one will be ready
2. If you do not have a support contract
Sun also makes its security patches available to customers who do
not have a support contract, via anonymous ftp:
- In the US, from /systems/sun/sun-dist on ftp.uu.net
- In Europe, from ~ftp/sun/fixes on ftp.eu.net
In some cases patches will appear on the European site a day or
two after a bulletin is released.
Sun does not furnish patches to any external distribution sites
other than the ones mentioned here.
3. About the checksums
Patches announced in a Sun security bulletin are uploaded to the
ftp.*.net sites just before the bulletin is released, and seldom
updated. In contrast, the "supported" patch databases are
refreshed nightly, and will often contain newer versions of a patch
incorporating changes which are not security-related.
So that you can quickly verify the integrity of the patch files
themselves, we supply checksums for the tar archives in each
bulletin. The listed checksums should always match those on the
ftp.*.net systems. (The rare exceptions are listed in the
"checksums" file there.)
Normally, the listed checksums will also match the patches on the
SunSolve database. However, this will not be true if we have
changed (as we sometimes do) the README file in the patch after the
bulletin has been released.
In the future we plan to provide checksum information for the
individual components of a patch as well as the compressed archive
file. This will allow customers to determine, if need be, which
file(s) have been changed since we issued the bulletin containing
the checksums.
If you would like assistance in verifying the integrity of a patch
file please contact this office or your local answer center.
B. How to report or inquire about Sun security problems
If you discover a security problem with Sun software or wish to
inquire about a possible problem, contact one or more of the
following:
- Your local Sun answer centers
- Your representative computer security response team, such as CERT
- This office. Address postal mail to:
Sun Security Coordinator
MS MPK2-04
2550 Garcia Avenue Mountain
View, CA 94043-1100
Phone: 415-688-9081
Fax: 415-688-9101
E-mail: security-alert () Sun COM
We strongly recommend that you report problems to your local Answer
Center. In some cases they will accept a report of a security bug
even if you do not have a support contract. An additional notification
to the security-alert alias is suggested but should not be used as your
primary vehicle for reporting a bug.
C. How to obtain Sun security bulletins
1. Subscription information
Sun Security Bulletins are available free of charge as part of
our Customer Warning System. It is not necessary to have a Sun
support contract in order to receive them.
To subscribe to this bulletin series, send mail to the address
"security-alert () Sun COM" with the subject "subscribe CWS
your-mail-address" and a message body containing affiliation and
contact information. To request that your name be removed from the
mailing list, send mail to the same address with the subject
"unsubscribe CWS your-mail-address". Do not include other requests
or reports in a subscription message.
Due to the volume of subscription requests we receive, we cannot
guarantee to acknowledge requests. Please contact this office if
you wish to verify that your subscription request was received, or
if you would like your bulletin delivered via postal mail or fax.
2. Obtaining old bulletins
Sun Security Bulletins are archived on ftp.uu.net (in the same
directory as the patches) and on SunSolve. Please try these
sources first before contacting this office for old bulletins.
------------
Current thread:
- Bugtraq mailing list, (continued)
- Bugtraq mailing list William B. Chmura (Feb 21)
- fcntl() file locking under Solaris 2.4 Jas (Feb 21)
- Re: fcntl() file locking under Solaris 2.4 Jas (Feb 22)
- snooper watchers Ben Taylor (Feb 22)
- Re: snooper watchers Eric Conrad (Feb 22)
- Re: snooper watchers Ben Taylor (Feb 22)
- CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Paul 'Shag' Walmsley (Feb 22)
- Re: CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Dave Schweisguth (Feb 23)
- Sendmail 8.6.9 security hole Igor V. Semenyuk (Feb 22)
- Re: Sendmail 8.6.9 security hole Christopher Samuel (Feb 23)
- Sun Security Bulletin #129 (sendmail) Mark Graff (Feb 22)
- new sendmail bug? James W. Abendschan (Feb 22)
- Re: new sendmail bug? joel (Feb 22)
- Re: new sendmail bug? Dave Horsfall (Feb 22)
- Sendmail 8.6.10: what's different? der Mouse (Feb 23)
- X keyboard sniffing Paul Howell (Feb 23)
- Re: Sendmail 8.6.10: what's different? Igor V. Semenyuk (Feb 23)
- Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 24)
- Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 23)
- Re: Sendmail 8.6.10: what's different? Christian Wettergren (Feb 24)
- Re: new sendmail bug? Michael Van Norman (Feb 23)