Bugtraq mailing list archives
Re: Security Info (root broken)
From: Mark.Graff () Corp Sun COM ( Mark Graff )
Date: Thu, 29 Sep 1994 14:58:19 -0700
Several people have asked about the status of Sun's /bin/mail patches. The quick status is that we will be issuing another patch within the next few days. It fixes the problems pointed out in the two postings from 8LGM and one or two others that were uncovered in the course of testing. This version has been extensively tested; and the last external tester reported success just this morning. Now all that remains is to package, release, and announce it.

I think the original poster also wanted to know how to get information about security patches from Sun. The answer there, if you are seeking official information, is either to use the Answer Centers or security-alert () sun com (which I maintain).

Mark Graff

p.s. Followups to security-alert () sun com, not me personally, please. The "official" alias is better attended and is read even when I am out of comm.

From bugtraq-owner () fc net Wed Sep 28 19:27:22 1994
Date: Wed, 28 Sep 1994 19:13:38 -0400 (EDT)
To: Pat Myrto <rwing!pat () ole cdac com>
Cc: bugtraq () crimelab com
Subject: Re: Security Info (root broken)
Precedence: bulk

of (thanks for nothing, security thru obscurity folks - the crackers DO have information that is denied us 'ordinary' folks). This was a new install, and it lasted about 4 days. One person heard thru the cracker grapevine that root was broken thru /bin/mail. HOW?! The permissions-fixing script from Sun had been run, plus things like arp, chill and

the bug in /bin/mail is fairly well known (not the one that sunos has a patch out for, but the one after - after the 8lgm advisory about this, there was some talk in comp.security.unix about any setuid root /bin/mail being vulnerable) as well as that "Guide to securing you SunOS 4.1.3 machine" article talked a lot about that (btw: is anyone maintaining that? it's a great file) i don't think CERT or sun has an advisory or patch for it... just the ones mentioned in comp.security.unix

Can someone out there please inform me how these cracker types are getting root privs, and how one can stop it short of disconnecting the machine? And most important, how one can test for these vulnerabilities, and FIX them. Is there a hole in /bin/mail? How does one test for it (I am working on a port of net-2s /bin/mail replacement). Also, how can one prevent

yes there is a bug in /bin/mail - if it is setuid root (ie: used as a delivery agent) it can be exploited to gain root access. there was an advisory about this ages ago (i forget who, some guy called Joerg Czeranski wrote it i think) - his solution was to use a local delivery agent he wrote called mail.local - if you want to close this hole, chmod u-s /bin/mail, install either procmail or the mail.local (which i have yet to find anywhere, procmail is easy to find... (i forget where.. archie is your friend)), and then edit your Mlocal line in /etc/sendmail.cf to be procmail instead of /bin/mail

as for the bug in it... umm.. well.. i dunno.. there is one (i won't be like jsz and say 'perhaps') and it is fairly well known and exploited.
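
The mitigation described in the reply above changes two things: the setuid bit on /bin/mail and the delivery program named on the Mlocal line of sendmail.cf. The following read-only check of both is an added example, not part of the original posts or any Sun tooling; the function names, the sample Mlocal flags and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): check the two things the
# mitigation above changes. Paths are arguments; nothing is modified.

# Print the P= (delivery program) field of the Mlocal line in a sendmail.cf.
mlocal_program() {
    sed -n 's/^Mlocal.*[[:space:],]P=\([^,[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# audit_local_delivery MAIL_BINARY SENDMAIL_CF
# Prints one line per finding; returns 0 when clean, 1 when anything is found.
audit_local_delivery() {
    bin=$1 cf=$2 findings=0
    if [ -u "$bin" ]; then
        echo "FINDING: $bin has the setuid bit set (fix: chmod u-s $bin)"
        findings=1
    fi
    agent=$(mlocal_program "$cf")
    if [ -z "$agent" ]; then
        echo "FINDING: no Mlocal line with a P= field in $cf"
        findings=1
    elif [ "$agent" = "$bin" ]; then
        echo "FINDING: Mlocal in $cf still delivers through $bin"
        findings=1
    else
        echo "OK: Mlocal delivers through $agent"
    fi
    return "$findings"
}

# Constructed sample: a setuid stand-in for /bin/mail and a one-line cf fragment.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/mail"; chmod 4755 "$d/mail"
    printf 'Mlocal, P=%s, F=rlsDFMmn, S=10, R=20, A=mail -d $u\n' "$d/mail" > "$d/sendmail.cf"
    audit_local_delivery "$d/mail" "$d/sendmail.cf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# With two arguments, audit real paths; otherwise run the constructed sample.
if [ "$#" -eq 2 ]; then audit_local_delivery "$1" "$2"; else demo || true; fi
```

On a live system the call would be `audit_local_delivery /bin/mail /etc/sendmail.cf`, using the paths named in the post.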