Date: Thu, 11 Jan 90 12:39:26 PST
Subject: Security Digest V2 #2

Security Digest Volume 2 Issue 2

subject(s):
    mail writing to files
    Sun Sendmail loophole
    Re: Sun Sendmail loophole

------------------------------------------------------------------------

Date: Thu, 11 Jan 90 09:56:23 EST
From: uunet!cabot.dartmouth.edu!wbc (Wayne B. Cripps)
Subject: mail writing to files

The other night someone used sendmail to append to some users' .rhosts
files from a remote machine. We are running SunOS 4.0.3, with the mx
sendmail that comes from Sun, and the mail files are all on the server.
I can't duplicate the method used, and I would like to know how it was
done, and how to prevent it in the future. I have source for the BSD 4.3
binmail; would that be of any help? I don't have source for Sun.

------------------------------------------------------------------------

Date: Thu, 11 Jan 90 10:29:46 EST
From: uunet!cabot.dartmouth.edu!wbc (Wayne B. Cripps)
Subject: Sun Sendmail loophole

I just sent in mail about a security hole which lets you append to a
user's files. I now know it was done. I still need help fixing it!

------------------------------------------------------------------------

Date: Thu, 11 Jan 90 12:35:46 PST
From: neil (Neil Gorsuch)
Subject: Re: Sun Sendmail loophole

[ As reported in Security Digest issues 34 and 35 of volume 1, there is a
hole in Sun sendmail that was supposed to be fixed, but still exists in
SunOS 4.0.3. The hole allows you to write into any file owned by any user
other than root. There are two ways to fix it. One is to get UCB sendmail
version 5.61 or later and apply the diffs sent out by sob@bcm.tmc.edu that
enable YP aliases support. The other is to get the appropriate sendmail
file from uunet.uu.net in the sun-fixes directory, which are supposed to
be SunOS 4.1Beta versions linked for running on 4.0.x; this is supposed
to be an enhanced sendmail 5.59 with security bug fixes.

- neil ]

------------------------------------------------------------------------

End of Security Digest Volume 2 Issue 2
**********************
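Editor's added example, not part of the digest above or of any Sun or UCB code. The incident reported in this issue is a mailer appending to users' .rhosts files, and the replies give only the fix (upgrade sendmail), not a way to find out whose files were already hit. The script below audits .rhosts contents the way an administrator would after reading this: it assumes (an assumption, not something the digest states) that a message delivered into a file by a mailer leaves recognisable traces (a "From " envelope line, mail headers, a blank line, then the body), and that a legitimate .rhosts line is only "host [user]" with the usual "+", "-" and "@netgroup" forms. The sample file is constructed for illustration; the host and user names in it are invented.

```python
"""Audit .rhosts files for lines that a mailer, not a user, would have written.

Added illustration for the sendmail-appends-to-.rhosts incident; not the digest's
own code.  Assumptions (labelled here, not taken from the digest): a message
delivered into a file starts with a "From " envelope line and RFC 822 headers,
and a genuine .rhosts entry has the shape  host [user]  with optional
'+' / '-' / '@netgroup' prefixes.
"""
import re
import sys
from pathlib import Path

# Lines only a mail message would contain; none of these is a valid "host [user]" entry.
MAIL_LINE = re.compile(r"^(From |From:|Received:|Subject:|To:|Date:|Message-Id:)",
                       re.IGNORECASE)
# A host field: optional '-' (deny) or '+@'/'-@' (netgroup) prefix, then a hostname.
HOST_FIELD = re.compile(r"^[+-]?@?[A-Za-z0-9][A-Za-z0-9._-]*$")


def audit_rhosts_text(text):
    """Return [(line_no, line, reason), ...] for suspicious lines in one .rhosts file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if MAIL_LINE.match(line):
            findings.append((n, line, "mail header or envelope line: a mailer appended to this file"))
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if len(fields) > 2:
            findings.append((n, line, "more than two fields; not a 'host [user]' entry"))
        elif host == "+" or user == "+":
            findings.append((n, line, "'+' wildcard trusts every host and/or every user"))
        elif not HOST_FIELD.match(host):
            findings.append((n, line, "host field is not a hostname, netgroup or wildcard"))
    return findings


def audit_home_dirs(home_root):
    """Audit <home_root>/*/.rhosts; return {path: findings} for files that have any."""
    report = {}
    for rhosts in sorted(Path(home_root).glob("*/.rhosts")):
        try:
            findings = audit_rhosts_text(rhosts.read_text(errors="replace"))
        except OSError as exc:
            findings = [(0, "", f"unreadable: {exc}")]
        if findings:
            report[str(rhosts)] = findings
    return report


# Constructed sample (invented names): one legitimate entry, then what a mail
# delivery appended to the file would look like under the assumption above
# (envelope line, headers, blank line, body), then a wildcard entry.
SAMPLE_RHOSTS = """\
trusted.cs.example.edu wbc
From MAILER-DAEMON Thu Jan 11 02:13:00 1990
Received: from evil.example.net by server.example.edu
Subject: hi

evil.example.net intruder
+ +
"""

if __name__ == "__main__":
    # With a directory argument, audit real home directories; otherwise use the sample.
    if len(sys.argv) > 1:
        for path, findings in audit_home_dirs(sys.argv[1]).items():
            for n, line, reason in findings:
                print(f"{path}:{n}: {reason}: {line!r}")
    else:
        for n, line, reason in audit_rhosts_text(SAMPLE_RHOSTS):
            print(f"line {n}: {reason}: {line!r}")
```

Note the limitation the sample shows: the body line "evil.example.net intruder" is, on its own, a well-formed entry, so a body-only check would miss it. The header lines around it are what give the append away, which is why the script flags the whole file as tampered as soon as any mail-shaped line appears, and why every entry in such a file should then be reviewed by hand rather than just deleting the flagged lines.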