OBSOLETE Patch-ID# 102423-07

Keywords: security matching wildcard sendmail uid null owner-alias y2000
Synopsis: OBSOLETED by 105466
Date: Sep/15/97

Solaris Release: 1.1.2

SunOS Release: 4.1.4

Unbundled Product:

Unbundled Release:

Relevant Architectures: sun4(all)

BugId's fixed with this patch: 1144946 1056203 1030087 1068637 1085853
    1041284 1092073 1092650 1093667 1089670 1084351 1142840 1151181
    1152199 1082586 1048259 1160505 1153954 1189411 1191075 1193189
    1206859 1219031 1221146 1219374 1220963 4035337 1267313 4018487
    4018511 4030794

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by: 105466 on May/22/98

Files included with this patch:

    sendmail
    sendmail.mx
    sendmail.main.cf
    sendmail.subsidiary.cf

Note: A new option, "|", is now available in the options section of
sendmail.cf. If set, :include: and .forward files that are group
writable are considered "unsafe", that is, they cannot reference
programs or write directly to files. World writable :include: and
.forward files are always unsafe.

Problem Description:

4030794 --> sendmail gets From: field wrong
4018511 --> Security bug: Sendmail Group Permissions Vulnerability
4018487 --> Security Bug: Sendmail Treats The w Option As Safe
1267313 --> sendmail security bug - Sendmail CERT advisory 96.20
4035337 --> 4.x sendmail has Year 2000 problem.
1219031 --> race condition allows normal users to access queue files directly when created
1221146 --> 4.x sendmail with main.cf using -om easily core dumps sending to bogus host
1219374 --> The -oR option uses popen() to return undeliverable mail
1220963 --> sendmail suffers buffer overrun problems
1206859 --> sendmail allows users to run programs and append to files remotely.
1189411 --> security loophole using "M" option.
1191075 --> security loophole by tampering with qf files.
1193189 --> sendmail coredumps for unknown users when using "-bv"
1153954 --> Unknown user in an alias can cause the entire list to be dropped.
1160505 --> sendmail dumps core if a very large debug level is specified.
1048259 --> sendmail does not lookup owner-alias type aliases in nis map.
1082586 --> sendmail does (while (getpwent != NULL)) if getpwnam fails
1151181 --> sendmail security
1152199 --> sendmail .forward capability causes security hole
1144946 --> Sendmail can be used to retrieve system files
1056203 --> Internal error sending mail when sending mail to a site that has MX records.
1030087 --> sendmail yp aliasing does not work with non sun yp masters
1068637 --> sendmail ignores the .forward file of users with uid values over 32767
1085853 --> security can be subverted with "LD_" environment variables
1041284 --> Sendmail -t fails when nfs mount /var/spool/mail from mailhost
1092073 --> sendmail loops on mail where name of recipient contains eight bit
1092650 --> Sendmail truncates the header if the header length is too long
1093667 --> Sendmail doesn't generate error mail in error conditions.
1089670 --> Sendmail.mx doesn't handle subdomains.
1084351 --> Sendmail gets 550 user unknown during "rcpt to" right after reboot.
1142840 --> Sendmail ignores $HOME parameter in .forward file

Patch Installation Instructions:

1) Make a copy of the old files:

    mv /usr/lib/sendmail /usr/lib/sendmail.fcs
    mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.fcs
    mv /usr/lib/sendmail.main.cf /usr/lib/sendmail.main.cf.fcs
    mv /usr/lib/sendmail.subsidiary.cf /usr/lib/sendmail.subsidiary.cf.fcs

2) Change permissions on old files so they can't be executed:

    chmod 0400 /usr/lib/sendmail.mx.fcs /usr/lib/sendmail.fcs

3) Install the patched files:

    cp sendmail /usr/lib/sendmail
    cp sendmail.mx /usr/lib/sendmail.mx
    cp sendmail.main.cf /usr/lib/sendmail.main.cf
    cp sendmail.subsidiary.cf /usr/lib/sendmail.subsidiary.cf

4) Change the owner and file permissions of /usr/lib/sendmail and
   /usr/lib/sendmail.mx to match those below:

    chown root.staff /usr/lib/sendmail.mx /usr/lib/sendmail
    chmod 4551 /usr/lib/sendmail.mx /usr/lib/sendmail

    -r-sr-x--x 1 root staff 155648 Oct 19 17:20 /usr/lib/sendmail
    -r-sr-x--x 1 root staff 172032 Oct 19 17:20 /usr/lib/sendmail.mx

5) Kill and restart sendmail and mailtool.
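
The rule in the Note about :include: and .forward files can be audited ahead of time with a small script. This is an added example, not part of the original patch README and not Sun's sendmail code; the function name classify_forward and its on/off argument (standing in for the "|" option being set) are assumptions.

```shell
#!/bin/sh
# Added example: classify a .forward or :include: file by the rule in the
# Note. classify_forward and its on/off argument are hypothetical names.

# classify_forward FILE [GROUP_CHECK]
#   GROUP_CHECK=on models the "|" option being set in sendmail.cf.
#   Echoes "safe", "unsafe" or "missing".
classify_forward() {
    file=$1
    group_check=${2:-off}

    [ -e "$file" ] || { echo missing; return 0; }

    # ls -ldL follows symlinks and prints a mode string such as -rw-rw-r--;
    # column 6 is the group write bit, column 9 is the world write bit.
    perms=$(ls -ldL -- "$file" | cut -c1-10)
    group_w=$(printf '%s' "$perms" | cut -c6)
    other_w=$(printf '%s' "$perms" | cut -c9)

    # World-writable files are always unsafe.
    if [ "$other_w" = "w" ]; then
        echo unsafe
        return 0
    fi

    # Group-writable files are unsafe only when the option is set.
    if [ "$group_w" = "w" ] && [ "$group_check" = "on" ]; then
        echo unsafe
        return 0
    fi

    echo safe
}

# Audit every path given on the command line with the option modelled as set.
for f in "$@"; do
    printf '%s\t%s\n' "$(classify_forward "$f" on)" "$f"
done
```

Run it over the users' .forward files and any :include: targets named in the aliases file; anything reported unsafe will no longer be able to reference programs or write to files once the option is enabled.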