Subject: Caldera Security Advisory 96.06: Vulnerability in sendmail

Caldera Security Advisory SA-96.06
Original issue date: November 18th, 1996
Last revised: November 21st, 1996

Topic: Vulnerability in sendmail

I. Problem Description

   The sendmail program is the default MTA (Mail Transport Agent)
   for the Caldera Network Desktop. To gain access to resources
   it needs, the sendmail program is installed as set-user-id root.

   A vulnerability in sendmail makes it possible to start a program,
   such as a shell, that has root permissions on the local machine.

   Exploit programs for sendmail are known to exist for Linux
   systems on x86 hardware. This problem likely exists for other
   Unix-like operating systems.

II. Impact

   On systems such as CND 1.0, an unprivileged user can obtain
   root access.

   A shell account on the local machine is needed to exploit this
   vulnerability. This particular vulnerability is not known to be
   exploitable by a remote user.

III. Solution

   Install a version of sendmail with the patch that prevents
   this vulnerability.

      /etc/rc.d/init.d/sendmail.init stop
      ncftp ftp://ftp.caldera.com/pub/cnd-1.0/updates/sendmail-8.7.1-2c1.i386.rpm
      rpm -Uvh sendmail-8.7.1-2c1.i386.rpm
      /etc/rc.d/init.d/sendmail.init start

   If local changes to /etc/aliases have been made, they will be
   saved in /etc/aliases.orig and will need to be re-installed.

   This particular version is the same version as shipped with
   CND 1.0, but with the security patch applied. (Newer versions
   of sendmail have been released by its author.)

   MD5 signatures of these packages (using the "md5sum" command):

      5471b0370e873b31c387dfdafbb02867  sendmail-8.7.1-2c1.i386.rpm
      e92cdeb8d75ea96f17ee04a1671e3c57  sendmail-8.7.1-2c1.src.rpm

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/tech-ref/cnd-1.0/security/

   Other sendmail related information can be found at:

      http://www.sendmail.org/

   and in the Usenet newsgroup comp.mail.sendmail

   The CERT advisory on this problem is located at:

      ftp://info.cert.org/pub/cert_advisories/CA-96.24.sendmail.daemon.mode