-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 05 October 2001 05:36 pm, Chris Kloiber wrote:
> On Fri, 5 Oct 2001, Margaret Doll wrote:
> > Dear group,
> >
> >     Recently I received notification that sendmail should be
> > upgraded to 8.12.1 and ssh to 2.9.9 because of known vulnerabilities.
> > When will these packages be available for RH 7.1?
> >
> >     Thanks.
>
> We recently released a security errata for sendmail-8.11.6-1.7.1 that I
> believe fixes the problems there. There may be an openssh errata in the
> works, but I am not aware of it at this time.

There was a new sendmail advisory posted to bugtraq for sendmail versions 
up to and including 8.12.0. From the looks of it, sendmail has resolved 
them in 8.12.1. 

From that post (available here; watch the wrap):
http://securityfocus.com/cgi-bin/archive.pl?id=1&mid=217549&start=2001-09-25&end=2001-10-01

The mail system privileges compromise affects Sendmail 8.12.0. Other
problems affect all versions up to 8.12.0.

Vulnerability 1: Mail System Compromise -- CAN-2001-0713
--------------------------------------------------------

Sendmail 8.12.0, in its default installation, is no longer using a setuid 
root binary to manipulate the mail queue and submit mail. This security
enhancement is supposed to minimize the eventual impact of local Sendmail
vulnerabilities. The new Sendmail binary is setgid smmsp, where smmsp is a
special group with read-write queue access permissions.

From previous versions, Sendmail 8.12 inherits a functionality that allows
users to specify custom configuration files or configuration parameters. In
this case of processing of untrusted configurations, Sendmail was supposed
to drop all extra privileges and continue to run at user level, causing no
security risk. This mechanism worked fine in Sendmail versions prior to
8.12.0. Because of a programming error, this inherited code fails to drop
extra group privileges completely in new setgid conditions, leaving the
saved gid value untouched. By calling the setregid() function, the
attacker will be able to regain dropped privileges. Extra privileges
expose a security risk to the mail subsystem and, in specific conditions,
might lead to further privilege elevation (see discussion below).
<snip>

Vulnerability 2: Queue Manipulation and Destruction -- CAN-2001-0714
--------------------------------------------------------------------

All versions of Sendmail allow any user to process the whole mail queue,
unless this feature is administratively disabled. This feature itself is 
not dangerous. Due to a programming bug, specific attacker-specified mail
delivery options will be honored. It is possible to, for example, force 
Sendmail to drop queue contents by setting initial message hop count 
above the limit:
<snip>

Vulnerability 3: Debug Mode Leaks Information -- CAN-2001-0715
--------------------------------------------------------------

This is a fairly low-risk vulnerability related to user-driven queue
processing abilities. Debugging flags can be used to obtain the complete 
mail system configuration, gather potentially interesting information 
about the mail queue (full message path, subject, mail software, etc.) 
even if local users (and the attacker) are not allowed to read the 
configuration or mail queue directly. This can be achieved by issuing the 
following command:
<snip>

-D

-- 

pgp key:  http://www.tuxfan.homeip.net:8080/pgpkey.txt

--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7vl12eMAUbzJhSVcRAhncAJ0RjLElli48c1cWRb0fXmYpLlZ8gQCfQCSU
QahmNK1JKDlrqSYx0M7orSU=
=I5SK
-----END PGP SIGNATURE-----
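The group-privilege bug in Vulnerability 1 above comes down to which of a process's three group ids (real, effective, saved) a drop actually resets. The following is an added example, not sendmail's code and not taken from the advisory: a small C model of the Linux rules for setgid(), setregid() and setresgid() in a non-root process, run over constructed gid values (GID_USER and GID_SMMSP are placeholders, not the real numbers on any system). It shows why resetting only the effective gid leaves the setgid group reachable through setregid(), and why setting all three ids in one step closes that path, together with the post-drop check a defender can build into a setgid program.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Added example: a model of how the Linux kernel handles the three group ids
 * of an unprivileged (non-root) process. It is not sendmail code; the gid
 * numbers below are constructed for the scenario in the advisory. */
struct gids { gid_t real, eff, saved; };

#define NOCHANGE ((gid_t)-1)     /* the "-1" argument meaning "leave as is" */
#define GID_USER  ((gid_t)1000)  /* constructed: the invoking user's gid */
#define GID_SMMSP ((gid_t)25)    /* placeholder: the setgid group of the binary */

/* setgid(2) from a non-root process: only the effective gid changes, and only
 * to the current real or saved gid. The saved gid is left untouched. */
static int model_setgid(struct gids *g, gid_t gid) {
    if (gid != g->real && gid != g->saved) return -1;   /* EPERM */
    g->eff = gid;
    return 0;
}

/* setregid(2) from a non-root process. The saved gid is set to the new
 * effective gid whenever the real gid is set or the effective gid changes
 * to something other than the old real gid. */
static int model_setregid(struct gids *g, gid_t rgid, gid_t egid) {
    struct gids n = *g;
    if (rgid != NOCHANGE) {
        if (rgid != g->real && rgid != g->eff) return -1;
        n.real = rgid;
    }
    if (egid != NOCHANGE) {
        if (egid != g->real && egid != g->eff && egid != g->saved) return -1;
        n.eff = egid;
    }
    if (rgid != NOCHANGE || (egid != NOCHANGE && egid != g->real))
        n.saved = n.eff;
    *g = n;
    return 0;
}

/* setresgid(2) from a non-root process: each requested id must already be one
 * of the three current ids, and all three are updated in one step. */
static int model_setresgid(struct gids *g, gid_t r, gid_t e, gid_t s) {
    const gid_t want[3] = { r, e, s };
    for (int i = 0; i < 3; i++)
        if (want[i] != NOCHANGE && want[i] != g->real &&
            want[i] != g->eff && want[i] != g->saved) return -1;
    if (r != NOCHANGE) g->real = r;
    if (e != NOCHANGE) g->eff = e;
    if (s != NOCHANGE) g->saved = s;
    return 0;
}

/* The incomplete drop the advisory describes: only the effective gid goes
 * back to the user; the saved gid still holds the setgid group. */
static struct gids drop_incomplete(struct gids g) {
    model_setgid(&g, g.real);
    return g;
}

/* The complete drop: real, effective and saved gid all become the user's. */
static struct gids drop_complete(struct gids g) {
    model_setresgid(&g, g.real, g.real, g.real);
    return g;
}

/* Defender's check after a drop: is the former privileged gid still held in
 * any of the three slots, or reachable again through setregid()? */
static bool privilege_regainable(struct gids g, gid_t former) {
    if (g.real == former || g.eff == former || g.saved == former) return true;
    struct gids probe = g;
    return model_setregid(&probe, NOCHANGE, former) == 0 && probe.eff == former;
}

/* Run the advisory's scenario (setgid-smmsp binary started by an ordinary
 * user) with one of the two drop strategies and report whether the smmsp
 * group can still be recovered afterwards. */
static bool scenario_regainable(bool use_complete_drop) {
    struct gids start = { GID_USER, GID_SMMSP, GID_SMMSP };
    struct gids after = use_complete_drop ? drop_complete(start)
                                          : drop_incomplete(start);
    return privilege_regainable(after, GID_SMMSP);
}

int main(void) {
    printf("incomplete drop (setgid only): smmsp regainable = %s\n",
           scenario_regainable(false) ? "yes" : "no");
    printf("complete drop (setresgid):     smmsp regainable = %s\n",
           scenario_regainable(true) ? "yes" : "no");
    return 0;
}
```

The check in privilege_regainable() is the part worth carrying into a real setgid program: after dropping, read back all three ids with getresgid() and treat any remaining occurrence of the privileged group as a failed drop rather than assuming the call did what its name suggests.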



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
