dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Conectiva Linux Advisory: sendmail

Aug 06, 2002, 04:53 (0 Talkback[s])
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : sendmail
SUMMARY   : Local Denial of Service
DATE      : 2002-08-05 14:57
ID        : CLA-:-1
RELEVANT
RELEASES  : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 Sendmail is a widely used Mail Transfer Agent (MTA).
 
 As publicized[1] by lumpy  and reported in the
 sendmail website, a local user can stop the mail service (in the
 sense of "freezing" some operations) by holding an exclusive reading
 lock on some specific sendmail files (using a system call like
 flock()). In order to do that, the user must have permission to read
 the file. One example of such a file is /var/log/sendmail.st, which
 is world readable by default.
 
 By exploiting this vulnerability, a malicious local user can delay
 (for an undetermined amount of time) the e-mail delivery, thus
 characterizing a Denial of Service (DoS) attack.


SOLUTION
 The current solution is to allow only root and users belonging to the
 mail group to read the files which are written by sendmail and its
 utilities (like newaliases).
 
 In order to do so, just run the following commands (as root user):
 
  chmod 0640 /etc/mail/*.db
  chmod 0640 /var/log/sendmail.st
 
 The given change does not affect the sendmail functionality and is
 the recommended procedure for all users.
 
 It is possible to obtain a list of users and programs which are
 acessing some file (and possibly locking it) with the lsof command,
 as seen in the example below:
 
  lsof /var/log/sendmail.st
 
 
 REFERENCES:
 1.http://www.sendmail.org/LockingAdvisory.txt
 2.http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=6350