Note: This is an archival copy of Security Sun Alert 200260 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000204.1.
Solaris 9 Operating System
Date of Resolved Release
A local or remote unprivileged user may have the ability to gain unauthorized root access or create a Denial of Service (DoS) condition due to a buffer overflow in the sendmail(1M) daemon.
This issue is described in CERT Vulnerability Note VU#814627 at http://www.kb.cert.org/vuls/id/814627.
This issue can occur in the following release:
The following two conditions must be present to exploit these vulnerabilities:
To determine if a system is configured to reference DNS TXT records, the following command can be run:
$ grep TXT /etc/mail/sendmail.cf
Kdnstxt dns -R TXT
If the above command generates no output, the system is not at risk. (The output above is only one example and may vary.) Also note that the default sendmail(1M) configuration file does not specify TXT records.
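A stricter form of the grep check above, as an added example that is not part of the original advisory: it reports only active (uncommented) K map definitions of class dns that request TXT records, so a comment that merely mentions TXT does not count as a hit. The function names, the sample configuration lines and the tolerant match on "-RTXT" are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): find sendmail.cf map definitions
# of the form "K<name> dns ... -R TXT", the condition the grep looks for.

# dns_txt_maps FILE
# Prints one map name per line; exit status 0 if any were found, 1 if none.
dns_txt_maps() {
    awk '
        /^K/ {                          # map definition; "#" comment lines never match
            if ($2 != "dns") next       # only the dns map class is relevant
            name = substr($1, 2)        # strip the leading "K"
            args = ""
            for (i = 3; i <= NF; i++) args = args " " $i
            # Accept "-R TXT" and "-RTXT" in any case (tolerant match, an assumption)
            if (toupper(args) ~ / -R ?TXT( |$)/) { print name; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample configuration lines (not taken from a real host).
sample_cf() {
    cat <<'EOF'
# DNS TXT lookups were removed from this host
#Kold dns -R TXT
Kdnstxt dns -R TXT
Kmx dns -R MX
Kaccess hash /etc/mail/access
Kbl dns -a. -RTXT
EOF
}

tmp=$(mktemp) && sample_cf > "$tmp"
if maps=$(dns_txt_maps "$tmp"); then
    echo "map definitions referencing DNS TXT records:"
    echo "$maps"
else
    echo "no DNS TXT map definitions found"
fi
rm -f "$tmp"
```

On a real system, pass /etc/mail/sendmail.cf as the argument instead of the temporary sample file.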
A Denial of Service condition may exist if the sendmail(1M) daemon is no longer running, which can be determined by running the following command:
$ /usr/bin/ps -ef | grep sendmail
root 336 1 0 Jan 20 ? 0:03 /usr/lib/sendmail -bd -q15m
There are no reliable symptoms that would indicate the described issue has been exploited to gain unauthorized root access to a host.
A Denial of Service condition is present if the sendmail(1M) daemon is no longer running.
Until the appropriate patch can be applied, sites may wish to block access to the affected service from untrusted networks such as the Internet, or disable the daemon where possible. Use of a firewall or other packet-filtering technology may be necessary to block the appropriate network ports. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.
To disable sendmail(1M) the following command can be executed (as "root"):
# /etc/init.d/sendmail stop
This will prevent the system from receiving e-mail messages until sendmail(1M) is started again with the following command:
# /etc/init.d/sendmail start
This issue is addressed in the following release: