drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Umgehung der Restriktionen der smrsh in sendmail
Name: |
Umgehung der Restriktionen der smrsh in sendmail
|
|
ID: |
CSSA-2002-052.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Fr, 22. November 2002, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Sendmail |
|
Originalnachricht |
--yr/DzoowOgTDcSCF Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com
______________________________________________________________________________
SCO Security Advisory
Subject: Linux: sendmail smrsh bypass vulnerabilities Advisory number: CSSA-2002-052.0 Issue date: 2002 November 21 Cross reference: ______________________________________________________________________________
1. Problem Description
From the iDEFENSE Security Advisory 10.01.02:
It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing by inserting a special character sequence into his .forward file. SMRSH is an application intended as a replacement for sh for use in Sendmail.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to sendmail-8.11.6-11.i386.rpm prior to sendmail-cf-8.11.6-11.i386.rpm prior to sendmail-doc-8.11.6-11.i386.rpm
OpenLinux 3.1.1 Workstation prior to sendmail-8.11.6-11.i386.rpm prior to sendmail-cf-8.11.6-11.i386.rpm prior to sendmail-doc-8.11.6-11.i386.rpm
OpenLinux 3.1 Server prior to sendmail-8.11.6-11.i386.rpm prior to sendmail-cf-8.11.6-11.i386.rpm prior to sendmail-doc-8.11.6-11.i386.rpm
OpenLinux 3.1 Workstation prior to sendmail-8.11.6-11.i386.rpm prior to sendmail-cf-8.11.6-11.i386.rpm prior to sendmail-doc-8.11.6-11.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/RPMS
4.2 Packages
801885a99b80d0efed1356ecad6768be sendmail-8.11.6-11.i386.rpm fdc3ec861fb77a8d5efd80c711c77dfe sendmail-cf-8.11.6-11.i386.rpm d33bbd8db1d0347a5b03487b2c4e01c8 sendmail-doc-8.11.6-11.i386.rpm
4.3 Installation
rpm -Fvh sendmail-8.11.6-11.i386.rpm rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/SRPMS
4.5 Source Packages
17e678b9e82b3ea5e06b036efec4f4ad sendmail-8.11.6-11.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.0/RPMS
5.2 Packages
b27b55dc5bd43eaad0436859ec7550c3 sendmail-8.11.6-11.i386.rpm ecf5c724d092d9d3a6b97f5634325cb5 sendmail-cf-8.11.6-11.i386.rpm 2c4f99b24b5807d3e4a15b144a7660fa sendmail-doc-8.11.6-11.i386.rpm
5.3 Installation
rpm -Fvh sendmail-8.11.6-11.i386.rpm rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
c9f0ecff09724880e8a01bbce9cf0364 sendmail-8.11.6-11.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/RPMS
6.2 Packages
9e2dd5db944ef26a1655c61946861449 sendmail-8.11.6-11.i386.rpm 75e3ace99d3b19a81bf5464768788ba0 sendmail-cf-8.11.6-11.i386.rpm 8872f76c94f6f23b7aad009053592cbf sendmail-doc-8.11.6-11.i386.rpm
6.3 Installation
rpm -Fvh sendmail-8.11.6-11.i386.rpm rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/SRPMS
6.5 Source Packages
146c778258b59082f0ee0ba235bfbc7b sendmail-8.11.6-11.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.0/RPMS
7.2 Packages
d267d43ae1a996598d5d4b605ff6ae49 sendmail-8.11.6-11.i386.rpm a4dfa76da9d2bb9e6bc5ec96b82a0e02 sendmail-cf-8.11.6-11.i386.rpm 860b4aa74905e1d9093fb0d121f77dc8 sendmail-doc-8.11.6-11.i386.rpm
7.3 Installation
rpm -Fvh sendmail-8.11.6-11.i386.rpm rpm -Fvh sendmail-cf-8.11.6-11.i386.rpm rpm -Fvh sendmail-doc-8.11.6-11.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.0/SRPMS
7.5 Source Packages
0dcc6753c98c6b618297dc5c03c22932 sendmail-8.11.6-11.src.rpm
8. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr869922, fz526234, erg712134.
9. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
10. Acknowledgements
zen-parse (zen-parse@gmx.net) and Pedram Amini (pamini@idefense.com) discovered and researched these vulnerabilities.
______________________________________________________________________________
--yr/DzoowOgTDcSCF Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (SCO_SV) Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj3dbc4ACgkQbluZssSXDTGBaQCdFhaSzmaLY+XEUP9DAUL1p7nj 7kwAn0Rzs7BzSi+OyVG9rGKEdipe9cf4 =2Xbf -----END PGP SIGNATURE-----
--yr/DzoowOgTDcSCF--
|
|
|
|