Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: ciacf13r.txt

Sendmail README




CA-95:05.README
Supersedes CA-94:12.README and all previous files relating to sendmail.
Issue date: February 22, 1995
Date of last revision:  September 18, 1995


This file is a supplement to CERT advisory CA-95:05, "Sendmail
Vulnerabilities." It is updated as additional information becomes
available.

Note: After we publish checksums in advisories and READMEs, files are
sometimes updated at individual locations because of system upgrades or patch
installation. For current MD5 checksum values, we recommend that you check
with your vendor.

The text below originally appeared in the advisory.  As of September
18, 1995, the information for Digital Equipment Corporation, IDA,
Solbourne (Grumman), and Sun Microsystems, Inc., has been added or
updated.

//////////////////
Added September 18, 1995

In addition, to restrict sendmail's program mailer facility, obtain
and install the sendmail restricted shell program (smrsh) by Eric
Allman (the original author of sendmail), following the directions
included with the program.

This program may be obtained via anonymous FTP from

        ftp://info.cert.org/pub/tools/smrsh
        ftp://ftp.uu.net/pub/security/smrsh

 The checksums are

             MD5 (README)  = fc4cf266288511099e44b664806a5594
             MD5 (smrsh.8) = 35aeefba9714f251a3610c7b1714e355
             MD5 (smrsh.c) = d4822ce7c273fc8b93c68e39ec67739c

//////////////////


SUMMARY

Vendor or Source             Remote vul?/patch status Local vuls?/patch status
                             (IDENT)
---------------             ------------------------  ------------------------
Eric Allman
  version 8.6.10             no/ --                  no/ --
  all other versions         yes/upgrade avail.      yes/upgrade avail.

Apple Computer, Inc.
  v.3.1.1, 3.1               no/ --                  yes/patch avail.
  earlier versions           yes/see appendix        yes/see appendix

Berkeley Software Design,
Inc. (BSDI)
  version 2.0                no/ --                  yes/patch avail. soon
  other versions             yes/patch avail. soon   yes/patch avail. soon

Cray Computer Corporation
(Craycos)                    no/ --                  yes/patch avail.


Data General Corporation     no/ --                  no/ --

Digital Equipment Corp.      no/ --                  yes/patch avail. 

Harris Comp.Systems Corp.    yes/patch avail.        yes/patch avail.

Hewlett-Packard Company      no/ --                  yes/patch avail. by Feb 23

IBM Corporation              no/ --                  yes/patch avail.

Motorola                     yes/patch avail.        yes/patch avail.

Open Software Foundation     no/ --                  yes/see appendix

The Santa Cruz Operation     no/ --                  yes/patch avail. soon

Sequent Computer Systems     no/ --                  yes/patch avail.

Silicon Graphics (SGI)       no/ --                  yes/patch avail.

Solbourne (Grumman)          no/ --		     yes/patch avail. 

Sony Corporation             yes/patch avail.        yes/patch avail.

Sun Microsystems, Inc.       no/ --                  yes/patch avail.


DETAILED INFORMATION FROM VENDORS

Below is information we have received from vendors who have patches available
or upcoming for the vulnerabilities described in this advisory.

--------------------
Eric Allman

Sendmail version 8.6.10 is not vulnerable.

This version is available by anonymous FTP from

 ftp.cs.berkeley.edu:/ucb/sendmail
 ftp.uu.net:/networking/mail/sendmail/UCB
 ftp.cert.dfn.de:/pub/tools/net/sendmail
 info.cert.org:/pub/tools/sendmail/sendmail.8.6.10

In all of the above locations, the md5 checksums are the same,

MD5 (sendmail.8.6.10.base.tar.Z) = 4ab8ac267b1eaf8d1725c14cf4b2e885
MD5 (sendmail.8.6.10.cf.tar.Z) = c70c576697bbbf047ed379a7b98633f6
MD5 (sendmail.8.6.10.misc.tar.Z) = 603154fd1ff4aecb51646a1345f0806d
MD5 (sendmail.8.6.10.patch) = 08d6f977c171ea858f1e940163212c3a
MD5 (sendmail.8.6.10.xdoc.tar.Z) = 8b2252943f365f303b6302b71ef9a841


--------------------
Apple Computer, Inc.

An upgrade to A/UX version 3.1 (and 3.1.1) for these vulnerabilities is
available. The upgrade is a replacement of the sendmail binary. It is
available via anonymous FTP from ftp.support.apple.com:

        pub/abs/aws95/patches/sendmail/

In both cases the compressed binary has the following signature:

        MD5 (sendmail.Z) = 31bb15604517630f46d7444a6cfab3f1

Uncompress(1) this file and replace the existing version in /usr/lib;
be sure to preserve the hard links to /usr/ucb/newaliases and
/usr/ucb/mailq, kill the running sendmail and restart.

Earlier versions of A/UX are not supported by this patch.  Users of
previous versions are encouraged to update their system or compile
the latest version of sendmail available from ftp.cs.berkeley.edu.

Customers should contact their reseller for any additional information.

--------------------
Berkeley Software Design. Inc. (BSDI)

BSD/OS V2.0 is vulnerable to the local user problems,
but not the remote user (IDENT) problem.

All earlier releases of BSD/OS are vulnerable to both
problems.  Patches are being developed and will be
made available via anonymous FTP on ftp.bsdi.com
in the directory "bsdi/support".

BSDI Contact Information:
        BSDI Customer Support
        Berkeley Software Design, Inc.
        7759 Delmonico Drive
        Colorado Springs, CO 80919
        Toll Free: +1 800 ITS BSD8 (+1 800 486 2738)
        Phone: +1 719 260 8114
        Fax: +1 719 598 4238
        Email: support@bsdi.com

--------------------
Cray Computer Corporation (Craycos)

        A new version of sendmail, one that does not have the
        problem, is available from CCC.  Please contact your site
        analyst for more information. You may also contact CCC Field
        Support using the address below.

                e-mail: support@craycos.com

--------------------
////////////////////////////
Added September 18, 1995

Digital Equipment Corporation

Digital Equipment Corporation strongly urges Customers to upgrade to the
latest versions of ULTRIX V4.4 or DIGITAL DEC OSF/1 V3.2, then apply
the appropriate sendmail solution kit.  (For more information,
please refer to article SSRT0320-1486.)

Digital has corrected this potential vulnerability and provided kits
containing new binaries.  The appropriate kits and images are
identified as follows:

          ULTRIX                          DEC OSF/1
          ------                          ---------
          ULTSENDMAIL_E01044              OSFSENDMAIL_E01032

The above kits can be obtained through your normal Digital support channels.

        - Please refer to the applicable Release Note information prior
          to upgrading your installation.

NOTE: For non-contract/non-warranty customers there may be a nominal charge
      for the kit, to cover the costs of media and handling.

////////////////////////////

--------------------
Harris Computer Systems Corporation

Request the appropriate patch for Harris NightHawk Systems, as follows:

                System                          Patch

                cx/ux 7.1                       cx7.1-030
                cx/ux 6.2                       cx6.2-114
                cx/sx 6.2                       cx6.2-114

If you need further information, contact
the Harris Support Hotline 1-800-245-6453.

--------------------
Hewlett-Packard Company

Hewlett-Packard HP-UX           Patches available by 2/23/95
                                Vulnerable to:   -d DEBUG option
                                                 Latest queue problem
                                Not Vulnerable to: IDENT problem

Apply patch PHNE_5264 (series 700/800, HP-UX 9.x), or
            PHNE_5263 (series 700/800, HP-UX 8.x), or
            PHNE_5260 (series 300/400, HP-UX 9.0), or
            PHNE_5259 (series 300/400, HP-UX 8.x)

You can get patches via:
1. Ftp / email / kermit to HP SupportLine
   To obtain a copy of the HP SupportLine email service user's guide,
   send the following in the TEXT PORTION OF THE MESSAGE to
   support@support.mayfield.hp.com (no Subject is required):
                      send guide
2. World Wide Web: http://support.mayfield.hp.com

If you need further information, contact

HP SupportLine: 1-415-691-3888
phone: 1-415-691-3680
telnet/ftp: support.mayfield.hp.com (192.6.148.19)

--------------------
IBM Corporation

        A possible security exposure exists in the bos.obj
        sendmail subsystem in all AIX releases.

        The user can cause arbitrary data to
        be written into the sendmail queue file.
        Non-privileged users can affect the delivery of mail, as well as
        run programs as other users.

        Workaround
        A. Apply the patch for this problem. The patch is available
           from software.watson.ibm.com. The files will be located in
           the /pub/aix/sendmail in compressed tar format.

           The MD5 checksum for the binary file is listed
           below, ordinary "sum" checksums follow as well.

           File            sum             MD5 Checksum
           ----            ---             ------------
           sendmail.tar.Z 35990           e172fac410a1b31f3a8c0188f5fd3edb


         B. The official fix for this problem can be ordered as
            Authorized Program Analysis Report (APAR) IX49257

            To order an APAR from IBM in the U.S. call 1-800-237-5511
            and ask for shipment as soon as it is available (in
            approximately two weeks).  APARs may be obtained outside the
            U.S. by contacting a local IBM representative.

--------------------
/////////////////
Added September 18, 1995

IDA	

IDA sendmail is no longer being supported and it is recommended that
users update to the latest sendmail.

/////////////////
--------------------
Motorola Computer Group (MCG)

The following MCG platforms are vulnerable:
        R40
        R32 running CNEP add-on product
        R3 running CNEP add-on product

The following MCG platforms are not vulnerable:
        R32     not including CNEP add-on product
        R3      not including CNEP add-on product
        R2
        VMEEXEC
        VERSADOS

The patch is available and is identified as "patch_43004 p001" or
"SCML#5552".  It is applicable to OS revisions from R40V3 to R40V4.3.
For availability of patches for other versions of the product contact
your regional MCG office at the numbers listed below.

Obtain and install the appropriate patch according to the instructions
included with the patch.

The patch can be obtained through anonymous ftp from ftp.mcd.mot.com
[144.191.210.3] in the pub/patches/r4 directory.  The patch can also
be obtained via sales and support channels.  Questions regarding the
patch should be forwarded to sales or support channels.
For verification of the patch file:
        Results of      sum -r  == 27479 661
                        sum     == 32917 661
                        md5     == 8210c9ef9441da4c9a81c527b44defa6

Contact numbers for Sales and Support for MCG:

                United States (Tempe, Arizona)
                Tel:    +1-800-624-0077
                Fax:    +1-602-438-3865

        Europe (Brussels, Belgium)
                Tel:    +32-2-718-5411
                Fax:    +32-2-718-5566

        Asia Pacific / Japan (Hong Kong)
                Tel:    +852-966-3210
                Fax:    +852-966-3202

        Latin America / Australia / New Zealand (U.S.)
                Tel:   +1 602-438-5633
                Fax:   +1 602-438-3592

--------------------
Open Software Foundation

The local vulnerability described in the advisory can be exploited
in OSF's OSF/1 R1.3 (this is different from DEC's OSF/1).
Customers should apply the relevant portions of cert's fix to
their source base.  For more information please contact OSF's
support organization at osf1-defect@osf.org.

--------------------
The Santa Cruz Operation

SCO systems are not vulnerable to the IDENT problem.
Systems running the MMDF mail system are not vulnerable to the remote or
local problems.

The following releases of SCO products are vulnerable to the local problems.
============================================================================
SCO TCP/IP 1.1.x for SCO Unix System V/386 Operating System Release 3.2
Versions 1.0 and 2.0
SCO TCP/IP 1.2.x for SCO Unix System V/386 Operating System Release 3.2
Versions 4.x
SCO TCP/IP 1.2.0 for SCO Xenix System V/386 Operating System Release 2.3.4

SCO Open Desktop Lite Release 3.0
SCO Open Desktop Release 1.x, 2.0, and 3.0
SCO Open Server Network System, Release 3.0
SCO Open Server Enterprise System, Release 3.0

Patches are currently being developed for the release 3.0 and 1.2.1
based products. The latest sendmail available from SCO, on Support Level
Supplement (SLS) net382d, is also vulnerable.

Contacts for further information:

e-mail: support@sco.COM

USA, Canada, Pacific Rim, Asia, Latin America
6am-5pm Pacific Daylight Time (PDT)
----------------------------------------------
1-408-425-4726  (voice)
1-408-427-5443  (fax)

Europe, Middle East, Africa: 9am-5:30pm British Standard Time (BST)
-------------------------------------------------------------------
+44 (0)923 816344 (voice)
+44 (0)923 817781 (fax)


--------------------
Sequent Computer Systems

Sequent customers should contact Sequent Customer Service and request the
Fastpatch for sendmail.

phone: 1-800-854-9969.
e-mail: service-question@sequent.com


--------------------
Silicon Graphics, Inc.

At the time of writing of this document, patches/binaries are planned for
IRIX versions 4.x, 5.2, 5.3, 6.0, and 6.0.1 and will be available to all
SGI customers.

The patches/binaries may be obtained via anonymous ftp (ftp.sgi.com) or
from your support/service provider.

On the anonymous ftp server, the binaries/patches can be found in
either ~ftp/patches or ~ftp/security directories along with more
current pertinent information.

For any issues regarding this patch, please, contact your support/service
provider or send email to cse-security-alert@csd.sgi.com .


--------------------
Sony Corporation

        NEWS-OS 6.0.3   vulnerable; Patch SONYP6022 [sendmail] is available.
        NEWS-OS 6.1     vulnerable; Patch SONYP6101 [sendmail] is available.
        NEWS-OS 4.2.1   vulnerable; Patch 0101 [sendmail-3] is available.
                        Note that this patch is not included in 4.2.1a+.

        Patches are available via anonymous FTP in the
        /pub/patch/news-os/un-official directory on
        ftp1.sony.co.jp [202.24.32.18]:

        4.2.1a+/0101.doc        describes about patch 0101 [sendmail-3]
        4.2.1a+/0101_C.pch      patch for NEWS-OS 4.2.1C/a+C
        4.2.1a+/0101_R.pch      patch for NEWS-OS 4.2.1R/RN/RD/aRD/aRS/a+R

        6.0.3/SONYP6022.doc     describes about patch SONYP6022 [sendmail]
        6.0.3/SONYP6022.pch     patch for NEWS-OS 6.0.3

        6.1/SONYP6101.doc       describes about patch SONYP6101 [sendmail]
        6.1/SONYP6101.pch       patch for NEWS-OS 6.1

        Filename                BSD             SVR4
                                Checksum        Checksum
        --------------          ---------       ---------
        4.2.1a+/0101.doc        55361 2         19699 4
        4.2.1a+/0101_C.pch      60185 307       25993 614
        4.2.1a+/0101_R.pch      35612 502       31139 1004
        6.0.3/SONYP6022.doc     03698 2         36652 4
        6.0.3/SONYP6022.pch     41319 436       20298 871
        6.1/SONYP6101.doc       40725 2         3257 3
        6.1/SONYP6101.pch       37762 434       4624 868

        MD5 checksums are:
        MD5 (4.2.1a+/0101.doc) = c696c28abb65fffa5f2cb447d4253902
        MD5 (4.2.1a+/0101_C.pch) = 20c2d4939cd6ad6db0901d6e6d5ee832
        MD5 (4.2.1a+/0101_R.pch) = 840c20f909cf7a9ac188b9696d690b92
        MD5 (6.0.3/SONYP6022.doc) = b5b61aa85684c19e3104dd3c4f88c5c5
        MD5 (6.0.3/SONYP6022.pch) = 1e4d577f380ef509fd5241d97a6bcbea
        MD5 (6.1/SONYP6101.doc) = 62601c61aef99535acb325cf443b1b25
        MD5 (6.1/SONYP6101.pch) = 87c0d58f82b6c6f7811750251bace98c

If you need further information, contact your vendor.

-----------------
Solbourne (Grumman)

Grumman System Support Corporation now performs all Solbourne
software and hardware support. Please contact them for further
information.

        e-mail: support@nts.gssc.com
        phone: 1-800-447-2861

/////////////////
Added September 18, 1995

The Solbourne sendmail security patch, equivalent to Sun patch
100377-19, has been released and is available via anonymous ftp from:
ftp.nts.gssc.com.

The 4.1C patch is in /pub/support/OS4.1C/P95031405.tar.Z, 
and the 4.1B patch is in /pub/support/OS4.1B/P95031501.tar.Z.
There are also index and md5.checksums files in these directories.

	MD5 (P95031405.tar.Z) = 28cede699837d4bf78bc24a212feb705
	MD5 (P95031501.tar.Z) = eb6df9ece991681f4c3d2801297cabd3

This patch closes the vulnerabilities described in CERT advisory
CA-95:05.

/////////////////////
--------------------
Sun Microsystems, Inc.

Sun has developed patches for all supported platforms and architectures,
including Trusted Solaris, Solaris x86, and Interactive Unix. Note that Sun no
longer supports the sun3 architecture and versions of the operating system
that precede 4.1.3.

//////////////////
Modified September 18, 1995

Patches are available for the versions of SunOS shown below.

         OS version      Patch ID    Patch File Name
         ----------      ---------   --------------- 
         4.1.3           100377-19   100377-19.tar.Z
         4.1.3_U1        101665-04   101665-04.tar.Z
         4.1.4           102356-01   102356-01.tar.Z
         5.3             101739-07   101739-07.tar.Z
         5.4             102066-04   102066-04.tar.Z
         5.4_x86         102064-04   102064-04.tar.Z


Patches have also been created for Sun's Trusted Solaris and
Interactive Unix products. To obtain either, contact your Sun
representative. 

BSD and SVR4 checksums and MD5 digital signatures for the compressed
tar archives:

    File            BSD          SVR4        MD5
    Name            Checksum     Checksum    Digital Signature
    --------------- -----------  ----------  --------------------------------
    100377-19.tar.Z 01093   212  22539  423  8CE1C1E04B8A640F2B90EAE1AA813351
    101665-04.tar.Z 28743   213  48403  426  EA5E76D0B1A43756E58AEA18AB6D7BCC
    101739-07.tar.Z 30088   214  60567  428  CF85226BAF145D6B1BD457E189E771BE
    102064-04.tar.Z 33127   188  30212  375  276F05037CA1A72D1D2019A98C241327
    102066-04.tar.Z 13253   214  47552  428  AE190B5CAD8E0CFA8DE7DD059E4A7E71
    102356-01.tar.Z 53116   203  58382  406  B23AC4EFDC8D82B6528E46E27717EBD8

    The checksums shown above are from the BSD-based checksum
    (on 4.1.x, /bin/sum;  on Solaris 2.x, /usr/ucb/sum) and from
    the SVR4 version on Solaris 2.x (/usr/bin/sum).

Patches can be obtained from local Sun Answer Centers and through
anonymous FTP from ftp.uu.net in the /systems/sun/sun-dist directory. In
Europe, the patches are available from mcsun.eu.net in the /sun/fixes
directory.

The patches are available via World Wide Web at http://sunsolve1.sun.com.

//////////////////



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH