Ancient Sendmail (v4.x and 5.x)
-------------------------------

CVE:
CVE-1999-0203, CAN-1999-0145, CAN-1999-0163, CVE-1999-0096, CAN-1999-0565,
CVE-1999-0095

Details:
An absolutely ancient version of Sendmail was found running. It is not known
whether these versions are even compatible with modern versions of mail
server software. Numerous bugs are known to exist in these versions:

 - A Sendmail alias allows input to be piped to a program, allowing for remote
root.
 - Mail from pipe and bounce can cause any program to be run as bin, leading 
to remote root. There are numerous variations to this, but all essentially 
allow programs to be run with elevated privileges.
 - The WIZ backdoor may exist.
 - The debug remote root bug exists in versions 5.58 and older.
 - Version 5.61 allowed local users playing with alias expansion, .forward, 
and queuing to run a program under the privileges of anyone local on the 
system who sends them mail.
 - The TURN command may allow for mail to be stolen.
 - Using the -q and -oQ options can allow for local users to delete and read 
any file.
 - Sendmail on Dynix 3.014, Ultrix 2.x, and possibly other similar dinosaur 
systems allows a local user using the -C option to read any file.
 - Old SunOS versions (4.x) still running the Sendmail they were shipped with 
are vulnerable to a number of local user compromises that lead to root 
privileges.
 - 

Fix:
Upgrade to the latest version of Sendmail. Odds are you will have to upgrade
your operating system as well, as the latest Sendmail probably will not compile
on anything really old.

Related URLs:
http://www.cert.org/advisories/CA-1988-01.html
http://www.cert.org/advisories/CA-1993-14.html
http://www.cert.org/advisories/CA-95.05.sendmail.vulnerabilities
http://www.cert.org/advisories/CA-1995-08.html
http://www.securityfocus.com/bid/243
http://www.sendmail.org/

$Id: sendmail-ancient,v 1.2 2001/06/29 22:07:21 loveless Exp $
