Bugtraq mailing list archives

Re: sendmail -C: Known? Patches? (AIX 4.1.5)

From: troy () AUSTIN IBM COM (Troy Bollinger)
Date: Sun, 10 Aug 1997 08:28:41 -0500


-----BEGIN PGP SIGNED MESSAGE-----

Gene Spafford wrote:


Old bugs never quite seem to die....  If the problem is in a recent
version of AIX I think it would be very interesting to find how & why
it got there.


The sendmail bug in AIX 4 does not allow any "ordinary" user
to use the "-C" flag, only root or members of the administrative
group "system" (gid=0).

Note that even though the AIX sendmail is setgid to the system group,
it does NOT allow normal users to read any file on the system.

IBM will be issuing the following APARs to deny the "-C" flag to
group system as well:

  AIX 4.1:  IX70238
  AIX 4.2:  IX70239

- --
+----------------  Opinions are my own  -------------------+
|Troy Bollinger             |                    92CBR600F2|
|AIX Security Development   |           troy () austin ibm com|
+----------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1

iQCVAwUBM+3CCcjqvEm3eDEpAQGf/QP+JxjJrJxJZJ4sO9pKfNMaoD9kjwsvwHBK
f2/gVYkjknzVngSlLcydKmTIFzwVKnu8nYaU3WQg2Oo17gQi7kuykIBRnq9O/RDt
cCQSqvtUaE7B1A12MG1vX45oPPRMDarLh5PuqNzWe0C8tH4ppvqrjW9xitgnConG
p448vK6zXts=
=v/WG
-----END PGP SIGNATURE-----

Current thread:

Sun Security Bulletin #00149, (continued)
- - - Sun Security Bulletin #00149 Aleph One (Aug 13)
    - Sun Security Bulletin #00150 Aleph One (Aug 13)
    - Possible fixed identd Phillip R. Jaenke (Aug 13)
    - CERT Advisory CA-97.22 - BIND - the Berkeley Internet Name Daemon Aleph One (Aug 14)
    - Vulnerability in 4.4BSD rfork() implementation Thomas H. Ptacek (Aug 02)
    - Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Jeff Epler (Aug 02)
    - Re: Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Marc Slemko (Aug 03)
  - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Eric Allman (Aug 06)
  - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Eric Allman (Aug 07)
    - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Gene Spafford (Aug 09)
    - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Troy Bollinger (Aug 10)
    - procfs hole Brian Mitchell (Aug 10)
    - Re: procfs hole Jonathan A. Zdziarski (Aug 10)
    - Re: procfs hole Brian Mitchell (Aug 10)
  - NT DNS Implicit Search Order Hole Aleph One (Aug 09)
    - Program To decrypt password in ws_ftp.ini JeBe (Aug 10)