[8lgm]-Advisory-17.UNIX.sendmailV5-2-May-1995

PROGRAM:

sendmail(8) (Version 5.*)

KNOWN VULNERABLE VERSIONS:

• SunOS 4.1.* up to and including patch 100377-19
• Sendmail V5.*
• IDA Sendmail V5.*
• (Likely that any sendmail based on V5 is also vulnerable).

DESCRIPTION:

A flaw exists in versions of sendmail based on V5, which allows users to run programs and/or append to files remotely.

The user does not require an account on that system.

IMPACT:

Systems running V5 based sendmail are exploitable remotely.

REPEAT BY:

At this time, exploit details are not available. Exploit details will be provided on the 8lgm fileserver, at some point in the future.

DISCUSSION:

Details have been provided to ecd@cert.org, in order to speed up availability of exploit information to vulnerable vendors.

WORKAROUND & FIX:

1. Install V8 sendmail.

2. Obtain patch from vendor.

FEEDBACK AND CONTACT INFORMATION:

majordomo@8lgm.org

(Mailing list requests - try 'help' for details)

8lgm@8lgm.org

(Everything else)

8LGM FILESERVER:

All [8LGM] advisories may be obtained via the [8LGM] fileserver. For details, 'echo help | mail 8lgm-fileserver@8lgm.org'