Sendmail SMRSH双重管道访问确认漏洞

漏洞信息详情

Sendmail SMRSH双重管道访问确认漏洞

• CNNVD编号：CNNVD-200210-266
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1165
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-10-11
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sendmail
• 漏洞来源：
  Vulnerability disc…

Sendmail 8.12.6版本，8.11.6-15版本，以及来自5/19/1998的8.11之后的可能其他的版本中Sendmail Consortium\’\’s Restricted Shell (SMRSH)存在漏洞。攻击者可以通过在(1) \”||\”序列或(2) \”/\”字符之后插入附加命令绕过smrsh的故意限制，该漏洞不能正确地被过滤或核实。

OpenBSD has released patches for OpenBSD 3.0, 3.1 and 3.2 systems.
NetBSD has released an advisory. Users are advised to upgrade the smrsh binary.
Users of NetBSD-current are advised to upgrade to NetBSD-current dated 2002-10-04 or later. Users of NetBSD 1.6 are advised to upgrade from NetBSD 1.6 sources dated 2002-10-04 or later. Users of NetBSD 1.5 through 1.5.3 from NetBSD 1.5.* sources dated 2002-10-04 or later. Further details are available in the referenced advisory.
Users of Gentoo Linux are advised to upgrade using the following commands:
emerge rsync
emerge sendmail
emerge clean
Conectiva has released an advisory.
FreeBSD has released an advisory. Users are advised to upgrade vulnerable systems to the 4.7-STABLE branch, or to the appropriate RELENG_4_x branch after the correction date. A patch is also available. Further details may be found in the referenced advisory.
Mandrake has released a security advisory (MDKSA-2002:083). Fixes for Mandrake Linux are now available.
SGI has released an advisory. Users are advised to upgrade to IRIX 6.5.19 when available or to install the appropriate patch. Further information is available in the referenced advisory.
Apple has addressed this issue in MacOS X 10.2.4/MacOS X Server 10.2.4. Users are advised to upgrade.
HP has released a revised version of their advisory (HPSBUX0212-234) which has been updated to include fix information. Users are advised to upgrade as soon as possible. An upgrade for HP-UX 11.00 and 11.11 has also be made available online and can be accessed using the following link:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=SMAIL811
Fixes are available.
OpenBSD OpenBSD 3.2

• OpenBSD 003_smrsh.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/003_smrsh.patch

OpenBSD OpenBSD 3.0

• OpenBSD 034_smrsh.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/034_smrsh.patch

OpenBSD OpenBSD 3.1

• OpenBSD 017_smrsh.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/017_smrsh.patch

HP HP-UX 11.0 4

• HP smrsh.1100
  ftp://smrsh:smrsh1@hprc.external.hp.com/

HP HP-UX 11.0

• HP smrsh.1100
  ftp://smrsh:smrsh1@hprc.external.hp.com/

HP HP-UX 11.11

• HP smrsh.1111
  ftp://smrsh:smrsh1@hprc.external.hp.com/

HP HP-UX 11.22

• HP PHNE_28409
  
  http://itrc.hp.com
• HP smrsh.1122
  ftp://smrsh:smrsh1@hprc.external.hp.com/

Caldera OpenLinux Server 3.1

• SCO sendmail-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/RPM
  S/sendmail-8.11.6-11.i386.rpm
• SCO sendmail-cf-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/RPM
  S/sendmail-cf-8.11.6-11.i386.rpm
• SCO sendmail-doc-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.0/RPM
  S/sendmail-doc-8.11.6-11.i386.rpm

Caldera OpenLinux Workstation 3.1

• SCO sendmail-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.
  0/RPMS/sendmail-8.11.6-11.i386.rpm
• SCO sendmail-cf-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.
  0/RPMS/sendmail-cf-8.11.6-11.i386.rpm
• SCO sendmail-doc-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.
  0/RPMS/sendmail-doc-8.11.6-11.i386.rpm

Caldera OpenLinux Server 3.1.1

• SCO sendmail-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/R
  PMS/sendmail-8.11.6-11.i386.rpm
• SCO sendmail-cf-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/R
  PMS/sendmail-cf-8.11.6-11.i386.rpm
• SCO sendmail-doc-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.0/R
  PMS/sendmail-doc-8.11.6-11.i386.rpm

Caldera OpenLinux Workstation 3.1.1

• SCO sendmail-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-05
  2.0/RPMS/sendmail-8.11.6-11.i386.rpm
• SCO sendmail-cf-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-05
  2.0/RPMS/sendmail-cf-8.11.6-11.i386.rpm
• SCO sendmail-doc-8.11.6-11.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-05
  2.0/RPMS/sendmail-doc-8.11.6-11.i386.rpm

FreeBSD FreeBSD 4.4

• FreeBSD smrsh.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch

FreeBSD FreeBSD 4.5

• FreeBSD smrsh.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch

FreeBSD FreeBSD 4.6

• FreeBSD smrsh.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch

Sendmail Consortium Sendmail 8.11

• Mandrake sendmail-8.11.0-4.1mdk.i586.rpmMandrake Linux 7.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sendmail-8.11.0-4.1mdk.src.rpmMandrake Linux 7.2
  

  参考网址

  来源: www.sendmail.org
  链接:http://www.sendmail.org/smrsh.adv.txt

  来源: BID
  名称: 5845
  链接:http://www.securityfocus.com/bid/5845

  来源: BUGTRAQ
  名称: 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274&w=2

  来源: REDHAT
  名称: RHSA-2003:073
  链接:http://www.redhat.com/support/errata/RHSA-2003-073.html

  来源: XF
  名称: sendmail-forward-bypass-smrsh(10232)
  链接:http://www.iss.net/security_center/static/10232.php

  来源: NETBSD
  名称: NetBSD-SA2002-023
  链接:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc

  来源: MANDRIVA
  名称: MDKSA-2002:083
  链接:http://www.mandriva.com/security/advisories?name=MDKSA-2002:083

  来源: SECUNIA
  名称: 7826
  链接:http://secunia.com/advisories/7826

  来源: CONECTIVA
  名称: CLA-2002:532
  链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532