Apr 28, 2009 So the other night I installed the Solaris 10 patch cluster from December on a V490, reconfigured my sendmail.cf file like I always have to after a.

Patching sendmail is very dangerous. Before patching, ALWAYS back up /etc/mail.

A Security Vulnerability in sendmail(1M) Versions Prior to 8.13.7 May Allow a Denial of Service (DoS) To Occur

Note: This is an archival copy of Security Sun Alert 200422 as previously published on Latest version of this security advisory is available from as Sun Alert.

Article ID: 1000305.1
Article Type: Sun Alerts (SURE)
Last reviewed: 2006-08-27
Audience: PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
Bug Id: 6424201
Date of Workaround Release: 14-JUN-2006
Date of Resolved Release: 28-AUG-2006

Impact

On hosts where sendmail(1M) is configured to accept incoming mail, a local or remote unprivileged user may be able to prevent sendmail from successfully delivering queued messages, resulting in a Denial of Service (DoS) of the sendmail delivery mechanism.

On hosts which do not accept remote incoming mail, but make use of sendmail(1M) to deliver messages to other hosts and users, a local unprivileged user may be able to prevent sendmail from delivering queued messages, again resulting in a Denial of Service (DoS) of the sendmail delivery mechanism.

If either of the two issues above is exploited, an additional Denial of Service (DoS) to the system may occur if sendmail(1M) is configured to write unique core files to disk and to attempt to flush the delivery queue regularly. Each attempt to flush the delivery queue will result in a new core file being written to disk, eventually consuming all available space.

This issue is referenced in the following documents:

• CVE-2006-1173
• CERT VU#146718

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
• Solaris 8 without patch 110615-15
• Solaris 9 without patch 113575-07
• Solaris 10 without patch 122856-02

x86 Platform
• Solaris 8 without patch 110616-15
• Solaris 9 without patch 114137-06
• Solaris 10 without patch 122857-03

Notes:

1. The current Solaris 8 sendmail patches (110615-14 for SPARC and 110616-14 for x86) update sendmail to version 8.11.7p2+Sun. This version of sendmail is affected by this vulnerability. The Solaris 8 patches which will address this vulnerability will update sendmail to version 8.11.7p3+Sun. This is a minor change to this version of sendmail; however, these are the only patches which are required to address this vulnerability in Solaris 8. The Solaris 9 and 10 patches which address this issue will update sendmail directly to version 8.13.7+Sun.

This issue only affects systems which have sendmail(1M) enabled, or which use sendmail to deliver messages.

Sendmail versions prior to 8.13.7 are impacted by this issue.
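
A check against the patch table in Contributing Factors, as an added example that is not part of the Sun Alert: it reads `showrev -p` output and reports whether the listed sendmail patch revision, or a later one, is installed. The function names and the sample patch list are constructed for illustration, and it assumes the fix was installed under the patch ID the alert lists.

```sh
#!/bin/sh
# Added example (not from the Sun Alert). On a real host:
#   showrev -p | sendmail_patch_status "$(uname -r)" "$(uname -p)"

# Minimum fixed patch per release/arch, copied from "Contributing Factors".
required_patch() {   # $1 = `uname -r` value, $2 = `uname -p` value
    case "$1/$2" in
        5.8/sparc)  echo 110615-15 ;;
        5.9/sparc)  echo 113575-07 ;;
        5.10/sparc) echo 122856-02 ;;
        5.8/i386)   echo 110616-15 ;;
        5.9/i386)   echo 114137-06 ;;
        5.10/i386)  echo 122857-03 ;;
        *)          return 1 ;;
    esac
}

# Reads `showrev -p` text on stdin; prints PATCHED, VULNERABLE or UNKNOWN.
# Exit status: 0 patched, 1 vulnerable, 2 release/arch not in the alert.
# Assumption: only the "Patch:" field is inspected, so a fix delivered
# under a different patch ID is not recognised.
sendmail_patch_status() {
    need=$(required_patch "$1" "$2") || { echo UNKNOWN; return 2; }
    awk -v base="${need%-*}" -v min="${need#*-}" '
        $1 == "Patch:" {
            split($2, id, "-")
            # Track the highest installed revision of the sendmail patch.
            if (id[1] == base && id[2] + 0 > best) best = id[2] + 0
        }
        END {
            if (best >= min + 0) { print "PATCHED" }
            else { print "VULNERABLE"; exit 1 }
        }'
}

# Constructed sample of `showrev -p` output for a Solaris 10 SPARC host
# that still carries revision -01 of the sendmail patch.
SAMPLE='Patch: 100000-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 122856-01 Obsoletes: Requires: Incompatibles: Packages: SUNWsndmr, SUNWsndmu'

printf '%s\n' "$SAMPLE" | sendmail_patch_status 5.10 sparc || true
```
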