Old Sendmail (v8.1B through 8.6.*)
----------------------------------

CVE:
CVE-1999-0204, CAN-1999-0205

Details:
A really old version of Sendmail was found running. It is not known whether 
some of these versions are even compatible with modern versions of mail
server software. Numerous bugs are known to exist in these versions:

 - Version 8.1B can read any file on the system.
 - .forward can be owned by anyone.
 - .forward can be a symlink, used to read any file on the system.
 - GIDs are not set fully when programs run, allowing for exploitation.
 - Some file creation operations follow symlinks.
 - NFS users could run programs out of .forward even from a restricted shell.
 - Certain directories with restrictive permissions can still be examined.
 - Certain programs can run as sender instead of recipient if both are local.
 - Connection queue can be filled for a DoS.
 - On SysV, files can be given away.
 - Local promotion to root possible via the -d flag.
 - Read any file on system via the -oE option.
 - Remote exploit to grab any file.
 - Ident buffer overflow for remote root.
 - Some command line flags and values could allow corruption of headers and
   of qf files.
 - It is possible to insert newlines in queue using ident.
 - DoS by destruction of the alias database by lowering resource limits.

Fix:
Upgrade to the latest version of Sendmail. Odds are you will have to upgrade
your operating system as well, as the latest Sendmail probably will not compile
on anything really old.
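
Added example (not part of the original entry, and not any scanner's own code):
one way to decide from an SMTP greeting whether a host falls in the 8.1B
through 8.6.* range named in the title. The function names and sample banners
are constructed for illustration; the "Sendmail x.y.z/x.y.z" greeting layout,
and counting a bare "8.1" as in range, are assumptions.

```python
import re

# Version token as it appears in a greeting: "Sendmail 8.6.12/8.6.12" or
# "Sendmail 8.1B/8.1B" (the binary version is the part before the slash).
VERSION_RE = re.compile(r"\bSendmail\s+(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z]?)")

def parse_sendmail_version(banner):
    """Return (major, minor, patch, letter) from a 220 greeting, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch or 0), letter.upper())

def in_old_range(version):
    """True for 8.1B through 8.6.*, the range this entry covers."""
    major, minor, patch, letter = version
    # Compare as integers. As strings, "8.12" starts with "8.1" and sorts
    # below "8.6", so a prefix or lexical test flags current releases.
    if major != 8 or not 1 <= minor <= 6:
        return False
    # Assumption: a lettered 8.1 build below "B" predates the range.
    if minor == 1 and patch == 0 and letter and letter < "B":
        return False
    return True

def classify(banner):
    """'old', 'not-in-range', or 'unknown' when no version is advertised."""
    version = parse_sendmail_version(banner)
    if version is None:
        return "unknown"  # a hidden version is not evidence of a new one
    return "old" if in_old_range(version) else "not-in-range"

# Constructed sample greetings (not captured from real hosts).
SAMPLES = [
    "220 mail.example.com ESMTP Sendmail 8.6.12/8.6.12; Fri, 29 Jun 2001",
    "220 old.example.com Sendmail 8.1B/8.1B ready",
    "220 mx.example.com ESMTP Sendmail 8.12.11/8.12.11; Fri, 29 Jun 2001",
    "220 mx2.example.com ESMTP Sendmail 8.7.5/8.7.5; Fri, 29 Jun 2001",
    "220 quiet.example.com ESMTP",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(classify(banner), "<-", banner)
```

An "unknown" result means the version has to be confirmed on the host itself.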

Related URLs:
http://www.ciac.org/ciac/bulletins/f-13.shtml
http://www.cert.org/advisories/CA-95.05.sendmail.vulnerabilities
http://www.cert.org/advisories/CA-1995-08.html
http://www.sendmail.org/

$Id: sendmail-old,v 1.2 2001/06/29 22:07:22 loveless Exp $
