OBSOLETE Patch-ID# 101665-10
Keywords: matching wildcard sendmail uid security null owner-alias y2000
Synopsis: OBSOLETED by 105465
Date: Sep/15/97

Solaris Release: 1.1.1

SunOS Release: 4.1.3_U1

Unbundled Product:

Unbundled Release:

Relevant Architectures: sun4(all)

BugId's fixed with this patch: 1144946 1056203 1030087 1068637 1085853
    1041284 1092073 1092650 1093667 1089670 1084351 1142840 1151181
    1152199 1082586 1048259 1160505 1153954 1189411 1191075 1193189
    1206859 1219031 1221146 1219374 1220963 4035337 1267313 4018487
    4018511 4030794

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by: 105465 on May/22/98

Files included with this patch:

    sendmail
    sendmail.mx
    sendmail.main.cf
    sendmail.subsidiary.cf

Note: A new option, "|", is now available in the options section of
      sendmail.cf. If set, :include: and .forward files that are group
      writable are considered "unsafe", that is, they cannot reference
      programs or write directly to files. World writable :include: and
      .forward files are always unsafe.

Problem Description:

Bug ID: 4030794
---------------
sendmail gets From: field wrong

Bug ID: 4018511
---------------
Security bug: Sendmail Group Permissions Vulnerability

Bug ID: 4018487
---------------
Security Bug: Sendmail Treats The w Option As Safe

Bug ID: 1267313
---------------
sendmail security bug - Sendmail CERT advisory 96.20

Bug ID: 4035337
---------------
4.x sendmail has Year 2000 problem.

Bug ID: 1219031
---------------
race condition allows normal users to access queue files directly when created

Bug ID: 1221146
---------------
4.x sendmail with main.cf using -om easily core dumps sending to bogus host

Bug ID: 1219374
---------------
The -oR option uses popen() to return undeliverable mail

Bug ID: 1220963
---------------
sendmail suffers buffer overrun problems

Bug ID: 1206859
---------------
sendmail allows users to run programs and append to files remotely.

Bug ID: 1189411
---------------
security loophole using "M" option.

Bug ID: 1191075
---------------
security loophole by tampering with qf files.

Bug ID: 1193189
---------------
sendmail coredumps for unknown users when using "-bv"

Bug ID: 1153954
---------------
Unknown user in an alias can cause the entire list to be dropped.

Bug ID: 1160505
---------------
sendmail dumps core if a very large debug level is specified.

Bug ID: 1048259
---------------
sendmail does not lookup owner-alias type aliases in nis map.

Bug ID: 1082586
---------------
sendmail does (while (getpwent != NULL)) if getpwnam fails
(This is a backport to SunOS 4.1.x of the fix in production SunOS 5.x)

Bug ID: 1151181
---------------
sendmail security

Bug ID: 1152199
---------------
sendmail .forward capability causes security hole

Bug ID: 1144946
---------------
Sendmail can be used to retrieve system files

Bug ID: 1056203
---------------
Take for example,

    viewlogic.com.    IN MX 10 suntan.viewlogic.com.
    *.viewlogic.com.  IN MX 10 suntan.viewlogic.com.

If the system runs sendmail.mx when it comes to a site that has MX
records setup then sendmail.mx will connect back to itself. This causes
an "Internal error" message when sending mail.

Bug ID: 1030087
---------------
sendmail yp aliasing does not work with non sun yp masters

Bug ID: 1068637
---------------
sendmail ignores the .forward file of users with uid values over 32767

Bug ID: 1085853
---------------
security can be subverted with "LD_" environment variables

Bug ID: 1041284
---------------
Sendmail -t fails when nfs mount /var/spool/mail from mailhost

Bug ID: 1092073
---------------
sendmail loops on mail where name of recipient contains eight bit

Bug ID: 1092650
---------------
Sendmail truncates the header if the header length is too long

Bug ID: 1093667
---------------
Sendmail doesn't generate error mail in error conditions.

Bug ID: 1089670
---------------
Sendmail.mx doesn't handle subdomains.

Bug ID: 1084351
---------------
Sendmail gets 550 user unknown during "rcpt to" right after reboot.

Bug ID: 1142840
---------------
Sendmail ignores $HOME parameter in .forward file

Patch Installation Instructions:

1) Make a copy of the old files:

    mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.fcs
    mv /usr/lib/sendmail /usr/lib/sendmail.fcs
    mv /usr/lib/sendmail.main.cf /usr/lib/sendmail.main.cf.fcs
    mv /usr/lib/sendmail.subsidiary.cf /usr/lib/sendmail.subsidiary.cf.fcs

2) Change permissions on old files so they can't be executed:

    chmod 0400 /usr/lib/sendmail.mx.fcs /usr/lib/sendmail.fcs

3) Install the patched files:

    cp sendmail /usr/lib/sendmail
    cp sendmail.mx /usr/lib/sendmail.mx
    cp sendmail.main.cf /usr/lib/sendmail.main.cf
    cp sendmail.subsidiary.cf /usr/lib/sendmail.subsidiary.cf

4) Change the owner and file permissions of /usr/lib/sendmail and
   /usr/lib/sendmail.mx to match those below:

    chown root.staff /usr/lib/sendmail.mx /usr/lib/sendmail
    chmod 4551 /usr/lib/sendmail.mx /usr/lib/sendmail

    -r-sr-x--x 1 root staff 155648 Oct 19 17:20 /usr/lib/sendmail
    -r-sr-x--x 1 root staff 172032 Oct 19 17:20 /usr/lib/sendmail.mx

5) Kill and restart sendmail and mailtool.
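
The rule in the note on the "|" option, and the modes set in installation steps 2 and 4, can be checked from a shell. This is an added example, not part of the patch or of sendmail: it models the rule only as the note states it (the file's own mode bits), and the function names perm_string, classify_forward and check_mode are made up here.

```shell
#!/bin/sh
# Added example: models the rule in the patch note; not sendmail's own code.

# perm_string FILE: print the 10-character mode field of ls -ld.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# classify_forward FILE PIPE_OPT
#   PIPE_OPT is "on" if the "|" option is set in sendmail.cf, otherwise "off"
#   (an assumed convention for this example).
#   Prints safe, unsafe or missing.
classify_forward() {
    if [ ! -f "$1" ]; then
        echo missing
        return 0
    fi
    perms=$(perm_string "$1")
    group_w=$(printf '%s\n' "$perms" | cut -c6)
    world_w=$(printf '%s\n' "$perms" | cut -c9)
    if [ "$world_w" = "w" ]; then
        echo unsafe     # world writable: always unsafe
    elif [ "$group_w" = "w" ] && [ "$2" = "on" ]; then
        echo unsafe     # group writable: unsafe only when "|" is set
    else
        echo safe
    fi
}

# check_mode FILE EXPECTED: succeed if FILE's mode field equals EXPECTED.
#   Step 4 expects -r-sr-x--x (4551) on sendmail and sendmail.mx;
#   step 2 expects -r-------- (0400) on the .fcs copies.
check_mode() {
    [ "$(perm_string "$1")" = "$2" ]
}

# Files named on the command line are classified under both settings.
for f in "$@"; do
    echo "$f: option unset -> $(classify_forward "$f" off)," \
         "option set -> $(classify_forward "$f" on)"
done
```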