Bugtraq mailing list archives

[8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995


From: 8lgm () bagpuss demon co uk ([8LGM] Security Team)
Date: Thu, 18 May 1995 04:06:51 +0100


This advisory has been sent to:

        comp.security.unix
        CERT/CC                 <cert () cert org>

===========================================================================
                [8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995


PROGRAM:

        sendmail(8)        (Version 5.*)

KNOWN VULNERABLE VERSIONS:

        SunOS 4.1.* up to and including patch 100377-19
        Sendmail V5.*
        IDA Sendmail V5.*
        (Likely that any sendmail based on V5 is also vulnerable).
        
DESCRIPTION:

        A flaw exists in versions of sendmail based on V5, which allows
        users to run programs and/or append to files remotely.

        The user does not require an account on that system.

IMPACT:

        Systems running V5 based sendmail are exploitable remotely.

REPEAT BY:

        At this time, exploit details are not available.  Exploit
        details will be provided on the 8lgm fileserver, at some
        point in the future.

DISCUSSION:

        Details have been provided to ecd () cert org, in order to speed
        up availability of exploit information to vulnerable vendors.

WORKAROUND & FIX:

        1) Install V8 sendmail.

        2) Obtain patch from vendor.

FEEDBACK AND CONTACT INFORMATION:

        majordomo () 8lgm org        (Mailing list requests - try 'help'
                                   for details)

        8lgm () 8lgm org                  (Everything else)

8LGM FILESERVER:

        All [8LGM] advisories may be obtained via the [8LGM] fileserver.
        For details, 'echo help | mail 8lgm-fileserver () 8lgm org'
===========================================================================


