Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System
Bug Id
4756570
Date of Resolved Release
05-MAR-2003
Impact
Local unprivileged users may be able to cause a denial of service against their mail server or possibly gain unauthorized root access to their mail server due to a security issue with how Sun's sendmail(1M) handles some $HOME/.forward constructs.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 7 without patch 107684-06
- Solaris 8 without patch 110615-07
- Solaris 9 without patch 113575-02
x86 Platform
- Solaris 7 without patch 107685-06
- Solaris 8 without patch 110616-07
- Solaris 9 without patch 114137-01
Note: Solaris 2.6 is not impacted by this issue. Solaris 2.5.1 will not be evaluated regarding the potential impact of the issue described in this Sun Alert document.
Symptoms
There are no reliable symptoms that would show that the described issue has been exploited to gain unauthorized root access to a host. The denial of service symptoms would primarily be the inability of local or remote users to log in.
Workaround
To work around the described issue, add the following line to the *.mc file used to generate the /etc/mail/sendmail.cf file:
define(`VENDOR_NAME', `Berkeley')dnl
Generate the new sendmail.cf file from this revised *.mc file and copy the result to /etc/mail/sendmail.cf. Please refer to /usr/lib/mail/README for additional information on how to use the *.mc files.
Alternatively, edit /etc/mail/sendmail.cf directly (not recommended) by changing the following line from:
V10/Sun
to:
V10/Berkeley
Restart sendmail once the /etc/mail/sendmail.cf file has been modified:
# /etc/init.d/sendmail stop
# /etc/init.d/sendmail start
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 7 with patch 107684-06 or later
- Solaris 8 with patch 110615-07 or later
- Solaris 9 with patch 113575-02 or later
x86 Platform
- Solaris 7 with patch 107685-06 or later
- Solaris 8 with patch 110616-07 or later
- Solaris 9 with patch 114137-01 or later
Note: In order to activate the fix above, restart sendmail once the patches have been installed:
# /etc/init.d/sendmail stop
# /etc/init.d/sendmail start
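The following is an added example, not part of the original Sun Alert or Sun's tooling: a small audit script that classifies a host as patched, protected by the workaround, or exposed, based on the version-level line in sendmail.cf and a saved copy of `showrev -p` output. The function names and the sample files are constructed for illustration; it assumes the usual "Patch: <id>-<rev> ..." line layout of `showrev -p`.

```shell
#!/bin/sh
# Added example, not Sun's code. Sample files below are constructed.
# On a host: assess /etc/mail/sendmail.cf <saved `showrev -p` output> BASE REV
# Needs a POSIX awk (on Solaris use nawk instead of awk).

# Print the vendor from the version-level line, e.g. "Sun" for V10/Sun.
cf_vendor() {
    sed -n 's|^V[0-9][0-9]*/\([A-Za-z]*\).*|\1|p' "$1" | head -1
}

# Succeed if FILE ($3) lists patch BASE ($1) at revision MINREV ($2) or later.
patch_ok() {
    awk -v base="$1" -v min="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && p[2] + 0 >= min + 0) found = 1
        }
        END { exit !found }' "$3"
}

# assess CF SHOWREV BASE MINREV -> patched | workaround | exposed | unknown
assess() {
    if patch_ok "$3" "$4" "$2"; then echo patched; return; fi
    case `cf_vendor "$1"` in
        Sun)      echo exposed ;;
        Berkeley) echo workaround ;;
        *)        echo unknown ;;
    esac
}

# Constructed sample inputs (Solaris 8 SPARC patch id from the alert).
tmp=${TMPDIR:-/tmp}/sunalert.$$
mkdir -p "$tmp"
trap 'rm -rf "$tmp"' EXIT
echo 'V10/Sun'      > "$tmp/sun.cf"
echo 'V10/Berkeley' > "$tmp/bsd.cf"
echo 'Patch: 110615-05 Obsoletes:  Requires:  Incompatibles:  Packages: ' > "$tmp/old.rev"
echo 'Patch: 110615-07 Obsoletes:  Requires:  Incompatibles:  Packages: ' > "$tmp/new.rev"

assess "$tmp/sun.cf" "$tmp/old.rev" 110615 07   # unpatched, Sun vendor
assess "$tmp/bsd.cf" "$tmp/old.rev" 110615 07   # unpatched, workaround applied
assess "$tmp/sun.cf" "$tmp/new.rev" 110615 07   # patched
```

A "patched" result only reflects the installed patch revision; the fix is not active until sendmail has been restarted as described above.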
Modification History
References
107684-06
110615-07
113575-02
107685-06
110616-07
114137-01