Subject: Caldera Security Advisory 96.06: Vulnerability in sendmail

Caldera Security Advisory SA-96.06
Original issue date:	November 18th, 1996
Last revised:		November 21st, 1996

Topic: Vulnerability in sendmail

I. Problem Description

	The sendmail program is the default MTA (Mail Transport Agent)
	for the Caldera Network Desktop.  To gain access to resources it
	needs, the sendmail program is installed as set-user-id root.

	A vulnerability in sendmail makes it possible start a program
	such as a shell that has root permissions on the local machine.

	Exploit programs for sendmail are known to exist for Linux
	systems on x86 hardware.  This problem likely exists for other
	Unix-like operating systems.

II. Impact

	On systems such as CND 1.0, an unprivileged user can obtain root
	access.  A shell account on the local machine is needed to
	exploit this vulnerability.  This particular vulnerability
	is not known to be exploitable by a remote user.

III. Solution

	Install a version of sendmail with the patch that prevents this
	vulnerability.

/etc/rc.d/init.d/sendmail.init stop
ncftp ftp://ftp.caldera.com/pub/cnd-1.0/updates/sendmail-8.7.1-2c1.i386.rpm
rpm -Uvh sendmail-8.7.1-2c1.i386.rpm
/etc/rc.d/init.d/sendmail.init start

	If local changes to /etc/aliases have been made, they will be
	save in /etc/aliases.orig and will need to be re-installed.

	This particular version is same version as shipped with CND 1.0 but
	with the security patch applied.  (Newer versions of sendmail have
	been released by its author.)

	MD5 signatures of these packages (using the "md5sum" command):

	5471b0370e873b31c387dfdafbb02867  sendmail-8.7.1-2c1.i386.rpm
	e92cdeb8d75ea96f17ee04a1671e3c57  sendmail-8.7.1-2c1.src.rpm

IV. References

	This and other Caldera security resources are located at:

		http://www.caldera.com/tech-ref/cnd-1.0/security/

	Other sendmail related information can be found at:

		http://www.sendmail.org/

	and in the Usenet newsgroup

		comp.mail.sendmail

	The CERT advisory on this problem is located at:

	ftp://info.cert.org/pub/cert_advisories/CA-96.24.sendmail.daemon.mode