Bugtraq mailing list archives
Re: *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
From: Roman Drahtmueller <draht () suse de>
Date: Tue, 21 Aug 2001 21:28:37 +0200 (MEST)
Subject: Sendmail Debugger Arbitrary Code Execution Vulnerability
[...]
Vulnerable Systems:
  Sendmail Consortium Sendmail 8.12beta7
  Sendmail Consortium Sendmail 8.12beta5
  Sendmail Consortium Sendmail 8.12beta16
  Sendmail Consortium Sendmail 8.12beta12
  Sendmail Consortium Sendmail 8.12beta10
  Sendmail Consortium Sendmail 8.11.5
  Sendmail Consortium Sendmail 8.11.4
  Sendmail Consortium Sendmail 8.11.3
  Sendmail Consortium Sendmail 8.11.2
  Sendmail Consortium Sendmail 8.11.1
  Sendmail Consortium Sendmail 8.11
[...]
Non-Vulnerable Systems:
Some part is missing here...
Summary: Sendmail contains an input validation error that may lead to the execution of arbitrary code with elevated privileges.
[...]
--------------------
This vulnerability, present in sendmail open source versions between 8.11.0 and 8.11.5, has been corrected in 8.11.6. sendmail 8.12.0.Beta users should upgrade to 8.12.0.Beta19. The problem was not present in 8.10 or earlier versions. However, as always, we recommend using the latest version. Note that this problem is not remotely exploitable. Additionally, sendmail 8.12 will no longer use a set-user-id root binary by default.
--------------------
[...]

SuSE are currently working on update packages for the 7.0, 7.1 and 7.2 distributions (which are affected). The supported distributions 6.3 and 6.4 come with sendmail-8.9.3 which does not seem to be vulnerable to this problem. The packages should be available shortly at ftp://ftp.suse.com/pub/suse/i386/update/*.

Offtopic and mentioned here to keep the noise down (in.telnetd):

The 7.x distribution update directories contain update packages for the recently discovered in.telnetd security problem (buffer overflow). While we are working on a solution for the 6.x distribution, the available packages are ready for use. It is recommended to apply these updates as soon as possible. The packages for the 7.1 distribution are called nkitserv.rpm, for 7.2 it's called telnet-server.rpm.

The packages for the 6.x distributions prove to be worksome because of a much older codebase and changed behaviour of parts of the glibc. We hope to be able to provide a suitable solution soon. We recommend disabling the telnet service by commenting it out from the /etc/inetd.conf file (with a following "killall -HUP inetd" to make inetd re-read its config file) until an update package for your distribution is available. If you do not need the telnet server service, you should leave the service disabled even if you have applied an update package to your system.

Thanks,
Roman Drahtmüller,
SuSE Security.
--
 -                                                                      -
| Roman Drahtmüller      <draht () suse de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -
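The in.telnetd workaround described in the message above (comment the service out of /etc/inetd.conf, then send inetd a HUP), as an added example that is not part of the original post or of any SuSE tooling. The function names and the sample configuration are constructed for illustration, and the functions work on whatever file path is passed in.

```shell
#!/bin/sh
# Added example: disable one service in an inetd.conf-style file.
# Function names and the sample config below are constructed, not from the post.

# make_sample_conf FILE: write a small constructed inetd.conf for testing.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real system
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
EOF
}

# inetd_service_active FILE SERVICE: exit 0 if an uncommented entry exists.
inetd_service_active() {
    awk -v svc="$2" '$1 == svc { found = 1 } END { exit (found ? 0 : 1) }' "$1"
}

# disable_inetd_service FILE SERVICE: comment out every active entry for
# SERVICE, keeping the previous contents in FILE.bak. Idempotent: returns 0
# when the service is (or already was) disabled, 1 on error.
disable_inetd_service() {
    file=$1; svc=$2
    [ -f "$file" ] || return 1
    inetd_service_active "$file" "$svc" || return 0   # nothing to do
    cp -p "$file" "$file.bak" || return 1
    # Rewrite in place so the file keeps its owner and mode.
    awk -v svc="$svc" '$1 == svc { print "#" $0; next } { print }' \
        "$file.bak" > "$file" || return 1
    ! inetd_service_active "$file" "$svc"
}

# Demo on a temporary copy of the constructed sample.
sample=$(mktemp)
make_sample_conf "$sample"
disable_inetd_service "$sample" telnet && cat "$sample"
rm -f "$sample" "$sample.bak"
# On a live system, as root:
#   disable_inetd_service /etc/inetd.conf telnet && killall -HUP inetd
```
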
Current thread:
- *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd) Dave Ahmed (Aug 21)
- Re: *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd) Roman Drahtmueller (Aug 21)
- sample exploit....Re: *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd) Lucian Hudin (Aug 22)