Note: This is an archival copy of Security Sun Alert 200576 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000440.1.
Article ID : 1000440.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-02-17
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun sendmail(1M) does not Handle Some ".forward" Constructs Correctly



Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4756570

Date of Resolved Release
05-MAR-2003

Impact

Local unprivileged users may be able to cause a denial of service against their mail server or possibly gain unauthorized root access to their mail server due to a security issue with how Sun's sendmail(1M) handles some $HOME/.forward constructs.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7 without patch 107684-06
  • Solaris 8 without patch 110615-07
  • Solaris 9 without patch 113575-02

x86 Platform

  • Solaris 7 without patch 107685-06
  • Solaris 8 without patch 110616-07
  • Solaris 9 without patch 114137-01

Note: Solaris 2.6 is not impacted by this issue. Solaris 2.5.1 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.


Symptoms

There are no reliable symptoms that would show the described issue has been exploited to gain unauthorized root access to a host. The denial of service symptoms would primarily be the inability of local or remote users to login.


Workaround

To work around the described issue, modify the *.mc file used to generate the /etc/mail/sendmail.cf file by adding the following line in the *.mc file:

	define(`VENDOR_NAME', `Berkeley')dnl

Generate the new /etc/mail/sendmail.cf file from this revised *.mc file and copy this to /etc/mail/sendmail.cf. Please refer to /usr/lib/mail/README for additional information on how to use the *.mc files.

Or, edit the /etc/mail/sendmail.cf (not recommended) by changing the following line in the /etc/mail/sendmail.cf file from:

	V10/Sun

to:

	V10/Berkeley

Restart sendmail once the /etc/mail/sendmail.cf file has been modified:

	# /etc/init.d/sendmail stop
	# /etc/init.d/sendmail start

Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 7 with patch 107684-06 or later
  • Solaris 8 with patch 110615-07 or later
  • Solaris 9 with patch 113575-02 or later

x86 Platform

  • Solaris 7 with patch 107685-06 or later
  • Solaris 8 with patch 110616-07 or later
  • Solaris 9 with patch 114137-01 or later

Note: In order to activate the fix above, restart sendmail once the patches have been installed:

	# /etc/init.d/sendmail stop
	# /etc/init.d/sendmail start


Modification History

References

107684-06
110615-07
113575-02
107685-06
110616-07
114137-01




Attachments
This solution has no attachment