(Conectiva Describes Solution) Sendmail Default File Permissions and Configuration Allows Local Users to Deny Service to Sendmail - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (E-mail Server) > Sendmail

Vendors: Sendmail Consortium

(Conectiva Describes Solution) Sendmail Default File Permissions and Configuration Allows Local Users to Deny Service to Sendmail

SecurityTracker Alert ID: 1004950

SecurityTracker URL: http://securitytracker.com/id/1004950

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Aug 6 2002

Impact: Denial of service via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 8.12.4

Description: A denial of service vulnerability was reported in sendmail. A local user can use file locking mechanisms on critical sendmail files to deny service to all sendmail users.

It is reported that sendmail uses either flock() or fcntl() style locking, depending on the version of sendmail, to protect certain critical files used by sendmail. A local user could use flock() or fcntl() to place a lock on a sendmail file such that sendmail itself will not be able to lock the file, thereby creating a denial of service condition for sendmail as it waits for the other lock to be dropped.

According to the report, the critical sendmail files that may be affected are the alias, map, statistics, and pid files. These files should be configured to be owned by root or by the trusted user specified in the TrustedUser option. If the files are set to be readable and/or writable by other users, the system may be vulnerable.

Impact: A local user can lock critical sendmail files to cause denial of service conditions for sendmail.

Solution: Conectiva has described the following solution. Allow only root and users belonging to the mail group to read the files which are written by sendmail and its utilities (like newaliases).

In order to do so, just run the following commands (as root user):

chmod 0640 /etc/mail/*.db
chmod 0640 /var/log/sendmail.st

The given change does not affect the sendmail functionality and is the recommended procedure for all users.

It is possible to obtain a list of users and programs which are acessing some file (and possibly locking it) with the lsof command, as seen in the example below:

lsof /var/log/sendmail.st

Vendor URL: www.sendmail.org/LockingAdvisory.txt (Links to External Site)

Cause: Access control error, State error

Underlying OS: Linux (Conectiva)

Message History: This archive entry is a follow-up to the message listed below.

Sendmail Default File Permissions and Configuration Allows Local Users to Deny Service to Sendmail

Source Message Contents

Date: Mon, 5 Aug 2002 15:17:17 -0300
Subject: [conectiva-updates] [CLA-2002:514] Conectiva Linux Security Announcement - sendmail


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : sendmail
SUMMARY   : Local Denial of Service
DATE      : 2002-08-05 14:57
ID        : CLA-:-1
RELEVANT
RELEASES  : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 Sendmail is a widely used Mail Transfer Agent (MTA).
 
 As publicized[1] by lumpy  and reported in the
 sendmail website, a local user can stop the mail service (in the
 sense of "freezing" some operations) by holding an exclusive reading
 lock on some specific sendmail files (using a system call like
 flock()). In order to do that, the user must have permission to read
 the file. One example of such a file is /var/log/sendmail.st, which
 is world readable by default.
 
 By exploiting this vulnerability, a malicious local user can delay
 (for an undetermined amount of time) the e-mail delivery, thus
 characterizing a Denial of Service (DoS) attack.


SOLUTION
 The current solution is to allow only root and users belonging to the
 mail group to read the files which are written by sendmail and its
 utilities (like newaliases).
 
 In order to do so, just run the following commands (as root user):
 
  chmod 0640 /etc/mail/*.db
  chmod 0640 /var/log/sendmail.st
 
 The given change does not affect the sendmail functionality and is
 the recommended procedure for all users.
 
 It is possible to obtain a list of users and programs which are
 acessing some file (and possibly locking it) with the lsof command,
 as seen in the example below:
 
  lsof /var/log/sendmail.st
 
 
 REFERENCES:
 1.http://www.sendmail.org/LockingAdvisory.txt
 2.http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=6350


- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9Tr5F42jd0JmAcZARAsuqAJ9pcuoM592BRwGkBDEizLsbXcdAxgCgwz1V
8XwS24aCWX8LVMdWYANMNLA=
=GYjp
-----END PGP SIGNATURE-----

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC