Note: This is an archival copy of Security Sun Alert 200463 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000341.1.
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server
17084, 17085, 17086
Date of Workaround Release
Date of Resolved Release
A local or remote unprivileged user may be able to execute arbitrary code with elevated privileges or cause a Denial of Service (DoS) condition on a Sun Cobalt system due to a security vulnerability in the sendmail(8) daemon involving signal handling.
This issue is referenced in the following documents:
CERT VU#834865 http://www.kb.cert.org/vuls/id/834865 which is referenced in CERT Technical Cyber Security Alert TA06-081A: http://www.us-cert.gov/cas/techalerts/TA06-081A.html
This issue can occur in the following releases:
with the sendmail(8) service enabled.
The sendmail package version can be determined by running the following command:
# rpm -qa | grep -i sendmail sendmail-8.11.6-1C6stackguard
To determine whether sendmail(8) is enabled for the various run levels, the following command can be used:
# /sbin/chkconfig --list sendmail sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off
There are no reliable symptoms that would indicate this issue has been exploited to execute arbitrary commands with elevated privileges on a system. The symptoms of the Denial of Service would be the sendmail daemon no longer running.
To work around the described issue, sites may wish to block access to the affected service from untrusted networks such as the Internet, or disable the sendmail daemon where possible. Use a firewall or other packet-filtering technology to block the appropriate network ports. Consult your vendor or your firewall documentation for detailed instructions on how to configure the ports.
The following command can be used to temporarily disable sendmail for all run levels:
# /sbin/chkconfig --del sendmail
This issue is addressed in the following releases:
This solution has no attachment