sendmail(8)
The -oR option uses popen() to return undeliverable mail.
Local users can obtain root access.
A program to exploit this vulnerability is available as of now. This program has been tested with the latest Sun patch. To obtain this program, send mail to 8lgm-fileserver@8lgm.org, with a line in the body of the message containing:-
SEND ropt
Using popen() in setuid programs is bad practice.
Contact vendor for fix.
The file:
[8lgm]-Advisory-21.UNIX.SunOS-sendmailV5.22-Aug-1995.README
will be created on www.8lgm.org. This will contain updates on any further versions which are found to be vulnerable, and any other information received pertaining to this advisory.
majordomo@8lgm.org (Mailing list requests - try 'help' for details)
8lgm@8lgm.org (Everything else)
All [8LGM] advisories may be obtained via the [8LGM] fileserver.
For details, 'echo help | mail 8lgm-fileserver@8lgm.org'
[8LGM]'s web server can be reached at http://www.8lgm.org. This contains details of all 8LGM advisories and other useful information.