Bugtraq mailing list archives

SGI Security Advisory 19961103 - Sendmail Daemon Mode

From: agent99 () boytoy csd sgi com (SGI Security Coordinator)
Date: Thu, 21 Nov 1996 14:14:18 -0800


DISTRIBUTION RESTRICTIONS -   NONE  :  FOR PUBLIC RELEASE



-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                Silicon Graphics Inc. Security Advisory

        Title:   Sendmail Daemon Mode Vulnerability
        Title:   CERT(sm) Advisory CA-96.24
        Number:  19961103-01-I
        Date:    November 21, 1996
______________________________________________________________________________

Silicon Graphics provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use.   Silicon
Graphics recommends that this information be acted upon as soon as possible.

Silicon Graphics  will  not  be  liable  for any  indirect, special, or
consequential damages arising from the use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.
______________________________________________________________________________


As a followup to the CERT(sm) Advisory CA-96.24 ("Sendmail Daemon Mode
Vulnerability"), SGI has investigated this information and provides the
following information.


- --------------
- --- Impact ---
- --------------

The sendmail program is used for delivery and reception of mail messages
and is a standard part of the Silicon Graphics IRIX operating system.

Per CERT(sm) Advisory CA-96.24, the sendmail program which is normally
only invoked in daemon mode by the root user can be bypassed invoked
to give unprivileged local users the ability to gain root privileges.



- ----------------
- --- Solution ---
- ----------------

Silicon Graphics has historically provided a version 8.6.x sendmail
program.   The most recent SGI sendmail patch (1502) provides a version
8.6.12 sendmail program also.

The versions of sendmail provided in the distributed Silicon Graphics IRIX
operating system versions 5.2, 5.3, 6.0, 6.0.1, 6.1, 6.2 and 6.3 (and in
SGI patch 1502, which is the latest released patch for sendmail) are not
vulnerable to the exploitation as described in the CERT Advisory CA-96:24.

No further action is required.



- ------------------------
- --- Acknowledgments ---
- ------------------------

Silicon Graphics wishes to thank the CERT(sm) Coordination Center
for their assistance in this matter.



- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
cse-security-alert () csd sgi com.

                      ------oOo------

Silicon Graphics provides security information and patches for
use by the entire SGI community.  This information is freely
available to any person needing the information and is available
via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security information and patches
is sgigate.sgi.com (204.94.209.1).  Security information and patches
are located under the directories ~ftp/security and ~ftp/patches,
respectively. The Silicon Graphics Security Headquarters Web page is
accessible at the URL http://www.sgi.com/Support/Secur/security.html.

For issues with the patches on the FTP sites, email can be sent to
cse-security-alert () csd sgi com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

                      ------oOo------

Silicon Graphics provides a free security mailing list service
called wiretap and encourages interested parties to self-subscribe
to receive (via email) all SGI Security Advisories when they are
released. Subscribing to the mailing list can be done via the Web
(http://www.sgi.com/Support/Secur/wiretap.html) or by sending email
to SGI as outlined below.

% mail wiretap-request () sgi com
subscribe wiretap <YourEmailAddress>
end
^d

In the example above, <YourEmailAddress> is the email address that you
wish the mailing list information sent to.  The word end must be on a
separate line to indicate the end of the body of the message. The
control-d (^d) is used to indicate to the mail program that you are
finished composing the mail message.


                      ------oOo------

Silicon Graphics provides a comprehensive customer World Wide Web site.
This site is located at http://www.sgi.com/Support/Secur/security.html.

                      ------oOo------

For reporting *NEW* SGI security issues, email can be sent to
security-alert () sgi com or contact your SGI support provider.  A
support contract is not required for submitting a security report.



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMpTRgLQ4cFApAP75AQGVXAP/bRxYY0Ul0gKn7zVU66Gg7cp07sj51DOf
yrI9DATkAv5qj7FH6nAoy/PItIMOJjWVYAV6s4pmSlabQNqfvq5ocf+idvVmxaZ7
mqNzD9T93HUBc2mvBQQojviCRftQKFL0yXsk8jbtJ8D0G9rEQmBGdARAlzlFv6IH
xMf52WpfzHk=
=FBNf
-----END PGP SIGNATURE-----

Current thread:

Re: BoS: Magic password of some linux-box(Hardware..) Brian F. Knoll (Nov 20)
- Re: BoS: Magic password of some linux-box(Hardware..) Roger Moar (Nov 21)
- BoS: Magic password of some linux-box(Hardware..) (fwd) sameer (Nov 21)
- SGI Security Advisory 19961102 - FLEXlm and LicenseManager SGI Security Coordinator (Nov 21)
- SGI Security Advisory 19961103 - Sendmail Daemon Mode SGI Security Coordinator (Nov 21)
- CERT Advisory CA-96.24 - Sendmail Daemon Mode Vulnerability CERT Advisory (Nov 21)
- L0pht Kerberos Advisory sameer (Nov 22)
- <Possible follow-ups>
- Re: BoS: Magic password of some linux-box(Hardware..) Eugene Bradley (Nov 20)