The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V2 #2 1990-01-11 (1 file, 916 bytes)
SOURCE: http://securitydigest.org/exec/display?f=zardoz/archive/202.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Date: Thu, 11 Jan 90 12:39:26 PST
Subject: Security Digest V2 #2

Security Digest Volume 2 Issue 2

subject(s):

            mail writing to files
            Sun Sendmail loophole
            Re: Sun Sendmail loophole

------------------------------------------------------------------------

Date: Thu, 11 Jan 90 09:56:23 EST
From: uunet!cabot.dartmouth.edu!wbc (Wayne B. Cripps)
Subject: mail writing to files

The other night someone used sendmail to append to some users'
.rhosts files from a remote machine.  We are running Sun OS 4.0.3,
with the mx sendmail that comes from sun, and the mail files are
all on the server.  I can't duplicate the method used, and I would
like to know how it was done, and how to prevent it in the future.
I have source for the bsd 4.3 binmail - would that be of any help.
I don't have source for sun.

------------------------------------------------------------------------

Date: Thu, 11 Jan 90 10:29:46 EST
From: uunet!cabot.dartmouth.edu!wbc (Wayne B. Cripps)
Subject: Sun Sendmail loophole

I just sent in mail about a security hole which lets you append to
a user's files - I now know it was done.  I still need help fixing  it!

------------------------------------------------------------------------

Date: Thu, 11 Jan 90 12:35:46 PST
From: neil (Neil Gorsuch)
Subject: Re: Sun Sendmail loophole

[ As reported in security digest issues 34 and 35 of volume 1, there
is a hole in Sun sendmail that was supposed to be fixed, but still
exists in Sunos 4.0.3.  The hole allows you to write into any file
owned by any user other than root.  There are two ways to fix it.  One
is to get UCB sendmail version 5.61 or later and apply the diffs sent
out by sob@bcm.tmc.edu that enable YP aliases support.  The other is
to get the appropriate sendmail file from uunet.uu.net in the
sun-fixes directory, which are supposed to be Sunos 4.1Beta versions
linked for running on 4.0.x; this is supposed to be an enhanced
sendmail 5.59 with security bug fixes. - neil ]

------------------------------------------------------------------------

        End of Security Digest Volume 2 Issue 2
        **********************

END OF DOCUMENT