Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NetBSD Security Advisory 2002-023 - sendmail smrsh bypass

NetBSD Security Advisory 2002-023 - sendmail smrsh bypass

by Nikola Strahija on October 9th, 2002 If smrsh (sendmail restricted shell) is in use with sendmail, local user can bypass access restrictions imposed by smrsh.


NetBSD Security Advisory 2002-023
=================================

Topic: sendmail smrsh bypass vulnerability

Version: NetBSD-current: source prior to October 4, 2002
NetBSD 1.6: affected
NetBSD-1.5.3: affected
NetBSD-1.5.2: affected
NetBSD-1.5.1: affected
NetBSD-1.5: affected
pkgsrc: prior to/including sendmail-8.12.6

Severity: bypassing local access control

Fixed: NetBSD-current: October 4, 2002
NetBSD-1.6 branch: October 4, 2002
(1.6.1 will include the fix)
NetBSD-1.5 branch: October 4, 2002
pkgsrc: sendmail-8.12.6nb1 or later


Abstract
========

If smrsh (sendmail restricted shell) is in use with sendmail,
local user can bypass access restrictions imposed by smrsh.


Technical Details
=================

http://www.sendmail.org/smrsh.adv.txt


Solutions and Workarounds
=========================

If your system uses smrsh, your system is vulnerable.
If you see lines matching "smrsh" in /etc/mail/sendmail.cf, you are using
smrsh.

% grep smrsh /etc/mail/sendmail.cf

Even if you are not using smrsh, we encourage you to upgrade smrsh binary.

The following instructions describe how to upgrade your smrsh
binaries by updating your source tree and rebuilding and
installing a new version of smrsh.

* NetBSD-current:

Systems running NetBSD-current dated from before 2002-10-04
should be upgraded to NetBSD-current dated 2002-10-04 or later.

The following directories need to be updated from the
netbsd-current CVS branch (aka HEAD):
gnu/dist/sendmail/smrsh

To update from CVS, re-build, and re-install smrsh:
# cd src
# cvs update -d -P gnu/dist/sendmail/smrsh

# cd gnu/usr.sbin/sendmail/smrsh
# make cleandir dependall
# make install


* NetBSD 1.6:

Systems running NetBSD 1.6 dated from before 2002-10-04
should be upgraded to NetBSD 1.6 dated 2002-10-04 or later.

The following directories need to be updated from the
netbsd-1-6 CVS branch:
gnu/dist/sendmail/smrsh

To update from CVS, re-build, and re-install smrsh:
# cd src
# cvs update -d -P gnu/dist/sendmail/smrsh

# cd gnu/usr.sbin/sendmail/smrsh
# make cleandir dependall
# make install


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

Systems running NetBSD 1.5 dated from before 2002-10-04
should be upgraded to NetBSD 1.5 dated 2002-10-04 or later.

The following directories need to be updated from the
netbsd-1-5 CVS branch:
gnu/dist/sendmail/smrsh

To update from CVS, re-build, and re-install smrsh:
# cd src
# cvs update -d -P gnu/dist/sendmail/smrsh

# cd gnu/usr.sbin/sendmail/smrsh
# make cleandir dependall
# make install


Thanks To
=========

Jeremy C. Reed for bringing the issue into attention via PR#18516.


Revision History
================

2002-10-08 Initial release


More Information
================

Advisories may be updated as new information comes to hand. The most
recent version of this advisory (PGP signed) can be found at
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2002-023.txt,v 1.4 2002/10/08 03:43:36 itojun Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPaJUfT5Ru2/4N2IFAQEHtwQAwTTwQ8N2w4MvGDhi24xalrYhY9Q4Z113
Q/y6cM3+JEufzlEJPpMnWyWHHBYMn7utmvn9kie724IFDBOEKYXCcYFYWWZN54mD
mnXNa3g10ZOpMR2iA5P3wTFGCZPOaeJkVZAI0UwZ95OIXCkPtZ6TVqs0ioUf4hyQ
lYc69Hwpg+Q=
=+/Rb
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »