Sendmail 'check_relay' E-mail Access Control Features Can Be Bypassed By Remote Users - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (E-mail Server) > Sendmail

Vendors: Sendmail Consortium

Sendmail 'check_relay' E-mail Access Control Features Can Be Bypassed By Remote Users

SecurityTracker Alert ID: 1005748

SecurityTracker URL: http://securitytracker.com/id/1005748

CVE Reference: CVE-2002-2261 (Links to External Site)

Updated: Jun 8 2008

Original Entry Date: Dec 4 2002

Impact: Host/resource access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 8.9, 8.12

Description: An access control vulnerability was reported in Sendmail. A remote user with the ability to control a DNS server or spoof the DNS may be able to bypass a target server's sendmail access controls and send mail to or via that server.

It is reported that a remote user can bypass the access restrictions imposed via the 'check_relay' function by using bogus domain name system (DNS) data. It appears that a remote user with control of a DNS server can supply a blank client name via DNS to cause the 'check_relay' hostname access controls to fail to block mail from that domain.

Sendmail.org credits Kai Schlichting with reporting this flaw.

Impact: A remote user with ability to spoof the DNS can bypass sendmail access restrictions and send mail to or via the server.

Solution: The vendor has released the following patches.

For 8.12:

http://www.sendmail.org/patches/proto.m4.8.649.2.13

For 8.9:

http://www.sendmail.org/patches/proto.m4.8.9.3

According to the vendor version 8.12.7 will contain a patch to correct this flaw.

Also, if your system is configured to use the FEATURE(`delay_checks'), then the vendor says that you do not need a patch.

Vendor URL: www.sendmail.org/ (Links to External Site)

Cause: Access control error, State error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

(HP Issues Fix) Sendmail 'check_relay' E-mail Access Control Features Can Be Bypassed By Remote Users
HP has issued a fix for HP-UX 11.11 and 11.23.

Source Message Contents

Subject: Bypassing Sendmail access restrictions


Sendmail.org reports that access restrictions imposed via 'check_relay' for IP addresses 
can be circumvented using bogus DNS data.  The following patches are available:

For 8.12:

  http://www.sendmail.org/patches/proto.m4.8.649.2.13

For 8.9:

  http://www.sendmail.org/patches/proto.m4.8.9.3

Sendmail.org credits Kai Schlichting with reporting this flaw.

According to the vendor version 8.12.7 will contain a patch to correct this flaw.  Also,
if your system is configured to use the FEATURE(`delay_checks'), then the vendor says that
you do not need a patch.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC