Does anyone have the exploit?

On Tuesday 04 March 2003 10:36 am, you wrote:
> 1. Upgrade to 8.12.8
> 2. The link below:
> https://gtoc.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
>
> Good luck and upgrade,
> Anton
>
> Advisories
>
> Internet Security Systems Security Advisory
> March 3, 2003
>
> Remote Sendmail Header Processing Vulnerability
>
> Synopsis:
>
> ISS X-Force has discovered a buffer overflow vulnerability in the Sendmail
> Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been
> documented to handle between 50% and 75% of all Internet email traffic.
>
> Impact:
>
> Attackers may remotely exploit this vulnerability to gain "root" or
> superuser control of any vulnerable Sendmail server. Sendmail and all other
> email servers are typically exposed to the Internet in order to send and
> receive Internet email. Vulnerable Sendmail servers will not be protected
> by legacy security devices such as firewalls and/or packet filters. This
> vulnerability is especially dangerous because the exploit can be delivered
> within an email message and the attacker doesn't need any specific
> knowledge of the target to launch a successful attack.
>
> Affected Versions:
>
> Sendmail versions from 5.79 to 8.12.7 are vulnerable
>
> Note: The affected versions of Sendmail commercial, Sendmail open source
> running on all platforms are known to be vulnerable.
>
> Description:
>
> The Sendmail remote vulnerability occurs when processing and evaluating
> header fields in email collected during an SMTP transaction. Specifically,
> when fields are encountered that contain addresses or lists of addresses
> (such as the "From" field, "To" field and "CC" field), Sendmail attempts
> to semantically evaluate whether the supplied address (or list of
> addresses) are valid. This is accomplished using the crackaddr() function,
> which is located in the headers.c file in the Sendmail source tree.
>
> A static buffer is used to store data that has been processed. Sendmail
> detects when this buffer becomes full and stops adding characters, although
> it continues processing. Sendmail implements several security checks to
> ensure that characters are parsed correctly. One such security check is
> flawed, making it possible for a remote attacker to send an email with a
> specially crafted address field that triggers a buffer overflow.
>
> X-Force has demonstrated that this vulnerability is exploitable in
> real-world conditions on production Sendmail installations. This
> vulnerability is readily exploitable on x86 architecture systems, and may
> be exploitable on others as well.
>
> Protection mechanisms such as implementation of a non-executable stack do
> not offer any protection from exploitation of this vulnerability.
> Successful exploitation of this vulnerability does not generate any log
> entries.
>
> Recommendations:
>
> For identification of potentially vulnerable systems, Internet Security
> Systems has provided the following assessment checks:
>
> Internet Scanner XPU 6.24
> MtaDiscovery - (<http://www.iss.net/security_center/static/10961.php>)
>
> Internet Scanner XPU 6.26
> SendmailRunning - (<http://www.iss.net/security_center/static/2938.php>)
>
> System Scanner SR 3.13
> sendmail-header-processing-bo -
> (<http://www.iss.net/security_center/static/10748.php>)
>
> For Dynamic Threat Protection, Internet Security Systems recommends
> applying a Virtual Patch for the Sendmail vulnerability. Employ the
> following protection techniques through ISS' Dynamic Threat Protection
> platform.
>
> RealSecure Network Sensor XPU 20.9 and 5.8:
> SMTP_Sendmail_Header_Parse_Overflow -
> (http://www.iss.net/security_center/static/10748.php)
>
> All updates listed above are available from the ISS Download center
> (http://www.iss.net/download)
>
> For Manual Protection, the affected vendor has offered the following
> recommendations:
>
> Sendmail urges all users to either upgrade to Sendmail 8.12.8 or apply a
> patch for 8.12.x (or for older versions). Updates can be downloaded from
> ftp.sendmail.org or any of its mirrors (try a mirror near to you first),
> see http://www.sendmail.org/ for details. Remember to check the PGP
> signatures of patches or releases obtained. For those not running the open
> source version, check with your vendor for a patch. Sendmail, Inc., the
> commercial provider of the sendmail MTA, is providing a binary patch for
> their commercial customers. The patch can be downloaded from Sendmail's
> Web site at: http://www.sendmail.com/
>
> Sendmail versions that are patched will record the following log entry
> when exploitation is attempted: "Dropped invalid comments from header
> address".
>
> Vendor Notification Schedule:
>
> Initial vendor notification: 1/13/2003
> Initial vendor confirmation: 1/13/2003
> Final release schedule confirmation: 1/31/2003
>
> ISS X-Force worked with Sendmail throughout the notification and release
> process. X-Force would like to thank Sendmail for their cooperation as
> well as the National Infrastructure Protection Center (NIPC) for
> coordinating this issue with elements of National critical infrastructure.
>
> Additional Information:
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> name CAN-2002-1337 to this issue. This is a candidate for inclusion in the
> CVE list (http://cve.mitre.org), which standardizes names for security
> problems.
>
> If you are a RealSecure Server Sensor customer, please email
> [EMAIL PROTECTED] for additional protection information. Please enter the
> words "Server Sensor - Sendmail" in the subject line of your email.
>
> X-Force Database
> http://www.iss.net/security_center/static/10748.php
>
> For more information on ISS methodology and procedures involved in
> Security Advisory publication, please review the X-Force Vulnerability
> Disclosure Guidelines document:
> http://documents.iss.net/literature/vulnerability_guidelines.pdf
>
> Credit:
>
> This vulnerability was discovered and researched by Mark Dowd of the ISS
> X-Force.
> ______
>
> About Internet Security Systems (ISS)
> Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
> pioneer and world leader in software and services that protect critical
> online resources from an ever-changing spectrum of threats and misuse.
> Internet Security Systems is headquartered in Atlanta, GA, with
> additional operations throughout the Americas, Asia, Australia, Europe
> and the Middle East.
>
> Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
> worldwide.
>
> This document is not to be edited or altered in any way without the
> express written consent of Internet Security Systems, Inc. If you wish
> to reprint the whole or any part of this document, please email
> [EMAIL PROTECTED] for permission. You may provide links to this document
> from your web site, and you may make copies of this document in
> accordance with the fair use doctrine of the U.S. copyright laws.
>
> Disclaimer: The information within this paper may change without notice.
> Use of this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties, implied or otherwise, with regard to
> this information or its use. Any use of this information is at the
> user's risk.
> In no event shall the author/distributor (Internet Security Systems
> X-Force) be held liable for any damages whatsoever arising out of or in
> connection with the use or spread of this information.
>
> X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
> as well as at http://www.iss.net/security_center/sensitive.php
> Please send suggestions, updates, and comments to: X-Force
> [EMAIL PROTECTED] of Internet Security Systems, Inc.
