OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: NetBSD Security Officer (security-officernetbsd.org)
Date: Thu Sep 06 2001 - 12:04:54 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----

                     NetBSD Security Advisory 2001-017
                     =================================

    Topic: sendmail(8) incorrect command line argument check leads to
                    local root privilege compromise

    Version: NetBSD-current: source prior to August 22, 2001
                    NetBSD-1.5.1: affected
                    NetBSD-1.5: affected
                    NetBSD-1.4 branch: not-affected
                    pkgsrc: sendmail prior to 8.11.6

    Severity: Local root compromise

    Fixed: NetBSD-current: August 21, 2001
                    NetBSD-1.5 branch: August 22, 2001
                    pkgsrc: sendmail-8.11.6

    Abstract
    ========

    The following text is from sendmail 8.11.6 release note:

    SECURITY: Fix a possible memory access violation when specifying
    out-of-bounds debug parameters. Problem detected by
    Cade Cairns of SecurityFocus.

    Technical Details
    =================

    Certain variables were treated as signed values, but should have been
    unsigned. Bounds checking was not done when incrementing an index.

    Combined with supplied command-line arguments, a local user could
    exploit the setuid-root sendmail binary and the lack of bounds checking
    to perform a root compromise.

    Solutions and Workarounds
    =========================

    If your system is running a sendmail version between 8.10.0 to 8.11.5,
    your system is vulnerable. Sendmail 8.11.6 is safe. Check
    /usr/libexec/sendmail/sendmail.

    After the upgrade of the binary file, be sure to restart any instances
    of a sendmail daemon running on your system.

    * All NetBSD releases using sendmail from pkgsrc between 8.10.0 and 8.11.5:

            If you are using sendmail from pkgsrc, upgrade to the
            following, or later:
                    sendmail-8.11.6

    * NetBSD-current:

            Systems running NetBSD-current dated from before 2001-08-21
            should be upgraded to NetBSD-current dated 2001-08-22 or later.

            The following directory needs to be updated from the
            netbsd-current CVS branch (aka HEAD):
                    gnu/dist/sendmail
                    gnu/usr.sbin/sendmail

            To update from CVS, re-build, and re-install sendmail:
                    # cd /usr/src/gnu
                    # cvs update -d -P dist/sendmail usr.sbin/sendmail
                    # cd usr.sbin/sendmail
                    # make cleandir all install

            Alternatively, apply the following patch (with potential offset
            differences) and rebuild & re-install sendmail:
                    ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-017-sendmail.patch

            To patch, re-build and re-install sendmail
                    # cd /usr/src
                    # patch < /path/to/SA2001-017-sendmail.patch
                    # cd gnu/usr.sbin/sendmail
                    # make cleandir all install

    * NetBSD 1.5, 1.5.1

            Systems running NetBSD releases on netbsd 1.5 branch (1.5 and 1.5.1)
            should be upgraded to NetBSD 1.5 branch dated 2001-08-23 or later.

            The following directories need to be updated from the
            netbsd-1-5 CVS branch:
                    gnu/dist/sendmail
                    gnu/usr.sbin/sendmail

            To update from CVS, re-build, and re-install sendmail:
                    # cd /usr/src/gnu
                    # cvs update -d -P -r netbsd-1-5 dist/sendmail usr.sbin/sendmail
                    # cd usr.sbin/sendmail
                    # make cleandir all install

            Alternatively, apply the following patch (with potential offset
            differences):
                    ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2001-017-sendmail.patch

            To patch, re-build and re-install sendmail
                    # cd /usr/src
                    # patch < /path/to/SA2001-017-sendmail.patch
                    # cd gnu/usr.sbin/sendmail
                    # make cleandir all install

    Thanks To
    =========

    Jun-ichiro itojun Hagino for patches.

    Cade Cairns of SecurityFocus for discovering the issue.

    Revision History
    ================

            2001-09-06 Initial release

    More Information
    ================

    An up-to-date PGP signed copy of this release will be maintained at
      ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc

    Information about NetBSD and NetBSD security can be found at
    http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

    Copyright 2001, The NetBSD Foundation, Inc. All Rights Reserved.

    $NetBSD: NetBSD-SA2001-017.txt,v 1.8 2001/09/06 14:46:04 david Exp $

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (NetBSD)
    Comment: For info see http://www.gnupg.org

    iQCVAwUBO5eQbD5Ru2/4N2IFAQHh7wP6AoAVVkseqJCW0ig3n1RGOOGRHWyJ4Je/
    qgRO6x0vWEJpIp32fIILQtTLAl2dimrJSi6ApBdl0/7d4EBo4l+rnELbI0sKJaj2
    vcxgrhsL6rtUfhW8/qH9Gwr106sy78OMTuHrElEBrwuoy+T1XqTcXJGOwR1Rp1py
    BWbKwI4jGws=
    =1y/j
    -----END PGP SIGNATURE-----