Note: This is an archival copy of Security Sun Alert 200360 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000253.1.
Article ID : 1000253.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-06
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux/Sun Cobalt Security Vulnerability in "fetchmail"



Category
Security

Release Phase
Resolved

Date of Workaround Release
15-OCT-2002

Date of Resolved Release
24-JUN-2003

1. Impact

On Sun Linux and Sun Cobalt systems, a remote user may be able to execute arbitrary commands with access rights of another user who is running the "fetchmail" program. Depending on the system's configuration, this could lead to unauthorized root access.

This issue is described in


2. Contributing Factors

This issue can occur in the following releases:

Sun Linux 5.0

  • fetchmail-5.9.0-1.i386.rpm

Qube 2

  • fetchmail-4.7.4-1.mips.rpm

Qube 3

  • fetchmail-5.5.0-1C1.i386.rpm

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


3. Symptoms

There are no symptoms that would show the described issue has been exploited on a system.


4. Workaround

As a possible workaround on Sun Cobalt Server Appliances (Qube 3 and Qube 2), disable remote mail acquisition through the Cobalt GUI (go to the "Email Services" tab under "Remote Retrieval" and uncheck the "Enable Remote Retrieval" check box). As a result, remote mail retrieval will not function until it is re-enabled.


5. Resolution

This issue is addressed in the following releases:

Sun Linux 5.0

  • fetchmail-5.9.0-21.7.3.i386.rpm
  • fetchmailconf-5.9.0-21.7.3.i386.rpm
  • fetchmail-5.9.0-21.7.3.src.rpm

Cobalt Qube 3

  • Qube3-All-Security-4.0.1-16169.pkg

Instructions for downloading the above packages can be found in 1234813.1 in MyOracleSupport.

Note: This Sun Alert was originally created to resolve the issue described in http://security.e-matters.de/advisories/032002.html.

The above patches also address the issues described in http://security.e-matters.de/advisories/052002.html.
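
The check below is an added example, not part of the original Sun Alert or of Sun's tooling: it classifies a fetchmail version-release string (as printed by rpm -q) against the package levels listed in sections 2 and 5. The function names and status words are hypothetical, and treating every 5.9.0 release older than 21.7.3 as unfixed is an assumption; the alert itself names only 5.9.0-1.

```shell
#!/bin/sh
# Added example: compare a fetchmail version-release with the levels in this alert.
# Fixed release for Sun Linux 5.0, taken from fetchmail-5.9.0-21.7.3.i386.rpm.
FIXED_RELEASE="21.7.3"

# release_lt A B: succeed if dotted numeric release A is older than B.
release_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# classify_fetchmail VERSION-RELEASE: print one status word (hypothetical names).
classify_fetchmail() {
    case $1 in *-*) ;; *) echo not-covered; return ;; esac
    ver=${1%%-*} rel=${1#*-}
    case $1 in
        4.7.4-1|5.5.0-1C1) echo listed-affected; return ;;  # Qube 2 / Qube 3 packages
    esac
    [ "$ver" = "5.9.0" ] || { echo not-covered; return; }
    case $rel in
        ''|*[!0-9.]*) echo not-covered; return ;;  # non-numeric release: do not guess
    esac
    if release_lt "$rel" "$FIXED_RELEASE"; then echo unfixed; else echo fixed; fi
}

# check_installed: classify the fetchmail package in the local RPM database.
check_installed() {
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' fetchmail 2>/dev/null) || {
        echo not-installed; return 0; }
    classify_fetchmail "$vr"
}

# Constructed sample inputs: the version-release strings named in the alert.
for vr in 5.9.0-1 5.9.0-21.7.3 4.7.4-1 5.5.0-1C1; do
    printf '%s\t%s\n' "$vr" "$(classify_fetchmail "$vr")"
done
```

On a host with rpm installed, call check_installed to classify the installed package. A Qube 3 that reports listed-affected still needs Qube3-All-Security-4.0.1-16169.pkg, since the alert gives no fixed RPM level for it.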


Product
Sun Cobalt Qube 3 Server

Modification History
24-JUN-2003: Updated Resolution section. Resolved.




