Bugtraq mailing list archives
Re: sendmail 8.12.8 available
From: Neil W Rickert <rickert+bt () cs niu edu>
Date: Tue, 04 Mar 2003 17:14:27 -0600
"Mordechai T. Abzug" <morty () frakir org> wrote:
Question: are the header and ident issues *only* remote overflow problems, or is this also a local vulnerability? I.e. if one has a system that doesn't run sendmail in daemon mode (-bd), but does make sendmail available as an SUID root binary for submission to the local smarthost and does run sendmail in queue-process mode (i.e. -q15m), is the system still vulnerable? Given that the problem is in the header parsing, I would expect this to be both a remote and a local problem, but I'd like to make sure before doing lots of upgrades.
I don't think there has been a comment on this yet.

Sendmail will only use "ident" when receiving mail on a network connection. There is no local exploit available there if sendmail is not listening on the net. Possibly a local user could invoke "sendmail -bs" with stdin/stdout assigned to a connected socket. In that case there might be an ident call.

For the header problem, any buffer overflow would occur while sending the message, not while receiving it. Whether the message originated locally or over the network will matter. Thus there is a potential problem for local exploits with an SUID sendmail binary.

In particular, if you have old sendmail binaries left around that you haven't deleted, you should at least turn off any SUID and SGID privileges. Incidentally, that's a good practice for old disused versions of any program.

-NWR
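
The clean-up recommended at the end of the message above can be scripted. The following is an added example, not part of the original post and not sendmail's own tooling; the `sendmail*` file-name pattern, the function names and the directories you pass in are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: find leftover sendmail binaries that still carry
# set-user-ID or set-group-ID bits, and strip those bits from every
# copy except the one that is actually in service.
# Assumption: old copies are still named sendmail* (e.g. sendmail.old).

# list_privileged_sendmail DIR...
# Prints every regular file named sendmail* under DIR... that has
# SUID (04000) or SGID (02000) set. Portable find syntax is used
# instead of the GNU-only "-perm /6000".
list_privileged_sendmail() {
    find "$@" -type f -name 'sendmail*' \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# strip_privileged_sendmail KEEP DIR...
# Clears SUID and SGID on every match except KEEP, the path of the
# binary currently in use (pass "" to strip all matches).
# File names containing newlines are not handled.
strip_privileged_sendmail() {
    keep=$1
    shift
    list_privileged_sendmail "$@" | while IFS= read -r f; do
        if [ "$f" = "$keep" ]; then
            continue
        fi
        # u-s,g-s removes only the privilege bits; the rest of the
        # mode, the owner and the file contents are left untouched.
        chmod u-s,g-s "$f" && printf 'stripped: %s\n' "$f"
    done
}

# Typical use, run as root (the paths are assumptions):
#   list_privileged_sendmail /usr/sbin /usr/lib /usr/local
#   strip_privileged_sendmail /usr/sbin/sendmail /usr/sbin /usr/lib /usr/local
```

Run the listing function first and review its output before stripping, since any match still in service will stop working as a privileged submission program once its bits are cleared.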