首页 -> 安全研究
安全研究
安全漏洞
Cobalt 关于Sendmail的安全公告
发布日期:1999-11-24
更新日期:1999-11-24
受影响系统:
Sendmail描述:
+Qube1 MIPS yes
+Qube2 MIPS yes
+RaQ1 MIPS yes
+RaQ2 MIPS yes
+RaQ3 x86 yes
Sendmail一直到最近的 8.9.x 版本都存在漏洞--允许任何有shell权限的用户通过“-bi"
参数的检查来进入 /usr/sbin/sendmail.其结果是可以重建别名数据库。别名数据库可
以用下面的方法打开:
5366 open("/etc/aliases.db", O_RDWR|O_TRUNC) = 6
大概经过0.1秒的延时来进行/etc/aliases.db 的处理。其间,用户可以发送任何信号给
Sendmai的处理过程,比如:SIGKILL。这之后,/etc/aliases.db 将进入一个不可用的
状态,造成拒绝服务:
220 Marchew ESMTP Mail Service at nimue.ids.pl ready. mail from: myself
451 Cannot open hash database /etc/aliases: Invalid argument rcpt to:
lcamtuf
503 Need MAIL before RCPT
建议:
-RaQ 1-
在安装RPM后,需要把/etc/sendmail.cf.rpmsave移到/etc/sendmail.cf,然后重起
sendmail。
-Qube1-
见*Note
RPMS:
-RaQ 3-
ftp://ftp.cobaltnet.com/pub/experimental/security/i386/sendmail-8.9.3-C7.i386.rpm
-RaQ 2 Qube 2-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sendmail-8.9.3-C7.mips.rpm
-RaQ 1 Qube 1-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sendmail-8.8.8-1C4.mips.rpm
SRPMS:
-RaQ 3 RaQ 2 Qube 2-
ftp://ftp.cobaltnet.com/pub/experimental/security/srpms/sendmail-8.9.3-C7.src.rpm
-RaQ 1 Qube 1-
ftp://ftp.cobaltnet.com/pub/experimental/security/mips/sendmail-8.8.8-1C4.mips.rpm
MD5 验证
-------------------------------------------------------------
sendmail-8.9.3-C7.i386.rpm 9b28a5650f77a3d7bbeec2db064c2e82
sendmail-8.9.3-C7.mips.rpm 9a27c638b77d833c41d42bfad7b21b7b
sendmail-8.9.3-C7.src.rpm 3c6ce162b6de3cd072ed3f99e2200d3e
sendmail-8.8.8-1C4.mips.rpm 5590d0a0955fef086e219aa67245aa86
sendmail-8.8.8-1C4.src.rpm 10bb1f7ac3e6b1b817f4b6e4d17504ca
可以用下面的命令来验证每个rpm
rpm --checksig [package]
要以root的身份,用下面的命令来安装rpm。
rpm -U [package]
*Note for Qube 1
在安装RPM后,需要把/etc/sendmail.cf.rpmsave移到/etc/sendmail.cf。
如果在Qube 1上安装sendmail,需要在安装rpm之前进行两件事情。在把所有的
rc scripts 移到initscripts-cobalt之后,需要按如下的方法来进行操作。
1. Type as root:
cp /etc/rc.d/init.d/sendmail /root/sendmail.tmp
2. Install the rpm using: rpm -U sendmail-8.8.8-1C4.mips.rpm
3. Type as root:
mv /root/sendmail.tmp /etc/rc.d/init.d/sendmail
mv /etc/rc.d/rc0.d/K30sendmail.rpmsave /etc/rc.d/rc0.d/K30sendmail
mv /etc/rc.d/rc1.d/K30sendmail.rpmsave /etc/rc.d/rc1.d/K30sendmail
mv /etc/rc.d/rc2.d/S60sendmail.rpmsave /etc/rc.d/rc2.d/S60sendmail
mv /etc/rc.d/rc3.d/S80sendmail.rpmsave /etc/rc.d/rc3.d/S80sendmail
mv /etc/rc.d/rc5.d/S80sendmail.rpmsave /etc/rc.d/rc5.d/S80sendmail
mv /etc/rc.d/rc6.d/K30sendmail.rpmsave /etc/rc.d/rc6.d/K30sendmail
浏览次数:7402
严重程度:0(网友投票)
绿盟科技给您安全的保障