Sendmail 'check_relay' E-mail Access Control Features Can Be Bypassed By Remote Users
|
SecurityTracker Alert ID: 1005748 |
SecurityTracker URL: http://securitytracker.com/id/1005748
|
CVE Reference:
CVE-2002-2261
(Links to External Site)
|
Updated: Jun 8 2008
|
Original Entry Date: Dec 4 2002
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 8.9, 8.12
|
Description:
An access control vulnerability was reported in Sendmail. A remote user with the ability to control a DNS server or spoof the DNS may be able to bypass a target server's sendmail access controls and send mail to or via that server.
It is reported that a remote user can bypass the access restrictions imposed via the 'check_relay' function by using bogus domain name system (DNS) data. It appears that a remote user with control of a DNS server can supply a blank client name via DNS to cause the 'check_relay' hostname access controls to fail to block mail from that domain.
Sendmail.org credits Kai Schlichting with reporting this flaw.
|
Impact:
A remote user with ability to spoof the DNS can bypass sendmail access restrictions and send mail to or via the server.
|
Solution:
The vendor has released the following patches.
For 8.12:
http://www.sendmail.org/patches/proto.m4.8.649.2.13
For 8.9:
http://www.sendmail.org/patches/proto.m4.8.9.3
According to the vendor version 8.12.7 will contain a patch to correct this flaw.
Also, if your system is configured to use the FEATURE(`delay_checks'), then the vendor says that you do not need a patch.
|
Vendor URL: www.sendmail.org/ (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Subject: Bypassing Sendmail access restrictions
|
Sendmail.org reports that access restrictions imposed via 'check_relay' for IP addresses
can be circumvented using bogus DNS data. The following patches are available:
For 8.12:
http://www.sendmail.org/patches/proto.m4.8.649.2.13
For 8.9:
http://www.sendmail.org/patches/proto.m4.8.9.3
Sendmail.org credits Kai Schlichting with reporting this flaw.
According to the vendor version 8.12.7 will contain a patch to correct this flaw. Also,
if your system is configured to use the FEATURE(`delay_checks'), then the vendor says that
you do not need a patch.
|
|