From: Adam Flinton 

http://www.onlamp.com/lpt/a/4099


Adam

Geo. wrote:

> Highly recommended? Sounds like another root exploit..
>
> -----BEGIN PGP SIGNED MESSAGE-----
> ____________________________________________________________________________
> __
> SGI Security Advisory
> Title : Sendmail DNS Map Vulnerability
> Number : 20030803-01-P
> Date : August 25, 2003
> Reference: CVE CAN-2003-0688
> Reference: SGI BUG 898396
> Fixed in : IRIX 6.5.22 or patch 5287
> ____________________________________________________________________________
> __
> SGI provides this information freely to the SGI user community for its
> consideration, interpretation, implementation and use. SGI recommends that
> this information be acted upon as soon as possible.
> SGI provides the information in this Security Advisory on an
"AS-IS" basis
> only, and disclaims all warranties with respect thereto, express, implied
> or otherwise, including, without limitation, any warranty of merchantability
> or fitness for a particular purpose. In no event shall SGI be liable for
> any loss of profits, loss of business, loss of data or for any indirect,
> special, exemplary, incidental or consequential damages of any kind arising
> from your use of, failure to use or improper use of any of the instructions
> or information in this Security Advisory.
> ____________________________________________________________________________
> __
> - -----------------------
> - --- Issue Specifics ---
> - -----------------------
> It's been reported by sendmail.org that there is a potential problem in the
> sendmail 8.12 series with respect to DNS maps in sendmail 8.12.8 and earlier
> sendmail 8.12.x versions: http://www.sendmail.org/dnsmap1.html
> SGI ships sendmail 8.12.5 with IRIX 6.5.19 and later. The bug did not exist
> in versions before 8.12 as the DNS map type is new to 8.12.x versions.
> This bug could potentially be exploited to cause a Denial of Service.
> There may be a possibility of using it to gain remote root access.
> The Common Vulnerabilities and Exposures project (cve.mitre.org) has
> assigned the name CAN-2003-0688 to this issue:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0688
> SGI has investigated the issue and recommends the following steps for
> neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
> implemented on ALL vulnerable SGI systems.
> These issues have been corrected in patches and in future releases of IRIX.
>
> - --------------
> - --- Impact ---
> - --------------
> The sendmail binary is installed by default on IRIX 6.5 systems as part of
> eoe.sw.base.
> To determine the version of IRIX you are running, execute the following
> command:
> # /bin/uname -R
> That will return a result similar to the following:
> # 6.5 6.5.19f
> The first number ("6.5") is the release name, the second
("6.5.16f" in this
> case) is the extended release name. The extended release name is the
> "version" we refer to throughout this document.
>
> - ----------------------------
> - --- Temporary Workaround ---
> - ----------------------------
> There is no effective workaround available for these problems if you use dns
> maps with sendmail. SGI recommends either upgrading to IRIX 6.5.22 (when
> available), or installing the appropriate patch from the listing below.
>
> - ----------------
> - --- Solution ---
> - ----------------
> SGI has provided a series of patches for these vulnerabilities. Our
> recommendation is to upgrade to IRIX 6.5.22 (when available), or install the
> appropriate patch.
> OS Version Vulnerable? Patch # Other Actions
> ---------- ----------- ------- -------------
> IRIX 3.x unknown Note 1
> IRIX 4.x unknown Note 1
> IRIX 5.x unknown Note 1
> IRIX 6.0.x unknown Note 1
> IRIX 6.1 unknown Note 1
> IRIX 6.2 unknown Note 1
> IRIX 6.3 unknown Note 1
> IRIX 6.4 unknown Note 1
> IRIX 6.5 no
> IRIX 6.5.1 no
> IRIX 6.5.2 no
> IRIX 6.5.3 no
> IRIX 6.5.4 no
> IRIX 6.5.5 no
> IRIX 6.5.6 no
> IRIX 6.5.7 no
> IRIX 6.5.8 no
> IRIX 6.5.9 no
> IRIX 6.5.10 no
> IRIX 6.5.11 no
> IRIX 6.5.12 no
> IRIX 6.5.13 no
> IRIX 6.5.14 no
> IRIX 6.5.15 no
> IRIX 6.5.16 no
> IRIX 6.5.17 no
> IRIX 6.5.18 no
> IRIX 6.5.19 yes 5287 Notes 2 & 3
> IRIX 6.5.20 yes 5287 Notes 2 & 3
> IRIX 6.5.21 yes 5287 Notes 2 & 3
> IRIX 6.5.22 no
> NOTES
> 1) This version of the IRIX operating has been retired. Upgrade to an
> actively supported IRIX operating system. See
> http://support.sgi.com for more information.
> 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
> SGI Support Provider or URL: http://support.sgi.com
> 3) Upgrade to IRIX 6.5.22 (when available) or install the patch.
> ##### Patch File Checksums ####
> Filename: README.patch.5287
> Algorithm #1 (sum -r): 03461 10 README.patch.5287
> Algorithm #2 (sum): 38994 10 README.patch.5287
> MD5 checksum: 727E74B176D101AA4DE1E5F816E86AF2
> Filename: patchSG0005287
> Algorithm #1 (sum -r): 39412 4 patchSG0005287
> Algorithm #2 (sum): 5197 4 patchSG0005287
> MD5 checksum: 6A69EEF8FC02D549D110A64F8DEDA98C
> Filename: patchSG0005287.eoe_src
> Algorithm #1 (sum -r): 18481 378 patchSG0005287.eoe_src
> Algorithm #2 (sum): 2432 378 patchSG0005287.eoe_src
> MD5 checksum: EBDE27E3AF773E0EA6D2884A88501B71
> Filename: patchSG0005287.eoe_sw
> Algorithm #1 (sum -r): 34932 1104 patchSG0005287.eoe_sw
> Algorithm #2 (sum): 48296 1104 patchSG0005287.eoe_sw
> MD5 checksum: 0DE3B5C3BE9FE1DE0E0F022BB2FCDF14
> Filename: patchSG0005287.idb
> Algorithm #1 (sum -r): 56703 4 patchSG0005287.idb
> Algorithm #2 (sum): 23907 4 patchSG0005287.idb
> MD5 checksum: 6A25934457046F7EDFD84A9CE39C9623
>
> - ------------------------
> - --- Acknowledgments ----
> - ------------------------
> SGI wishes to thank sendmail.org and the users of the Internet Community at
> large for their assistance in this matter.
>
> - -------------
> - --- Links ---
> - -------------
> SGI Security Advisories can be found at:
> http://www.sgi.com/support/security/ and
> ftp://patches.sgi.com/support/free/security/advisories/
> SGI Security Patches can be found at:
> http://www.sgi.com/support/security/ and
> ftp://patches.sgi.com/support/free/security/patches/
> SGI patches for IRIX can be found at the following patch servers:
> http://support.sgi.com/ and ftp://patches.sgi.com/
> SGI freeware updates for IRIX can be found at:
> http://freeware.sgi.com/
> SGI patches and RPMs for Linux can be found at:
> http://support.sgi.com
> SGI patches for Windows NT or 2000 can be found at:
> http://support.sgi.com/
> IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
> http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/
> IRIX 6.5 Maintenance Release Streams can be found at:
> http://support.sgi.com/
> IRIX 6.5 Software Update CDs can be obtained from:
> http://support.sgi.com/
> The primary SGI anonymous FTP site for security advisories and patches is
> patches.sgi.com. Security advisories and patches are located under the URL
> ftp://patches.sgi.com/support/free/security/
> For security and patch management reasons, ftp.sgi.com (mirrors
> patches.sgi.com security FTP repository) lags behind and does not do a
> real-time update.
>
> - -----------------------------------------
> - --- SGI Security Information/Contacts ---
> - -----------------------------------------
> If there are questions about this document, email can be sent to
> security-info{at}sgi.com.
> ------oOo------
> SGI provides security information and patches for use by the entire SGI
> community. This information is freely available to any person needing the
> information and is available via anonymous FTP and the Web.
> The primary SGI anonymous FTP site for security advisories and patches is
> patches.sgi.com. Security advisories and patches are located under the URL
> ftp://patches.sgi.com/support/free/security/
> The SGI Security Headquarters Web page is accessible at the URL:
> http://www.sgi.com/support/security/
> For issues with the patches on the FTP sites, email can be sent to
> security-info{at}sgi.com.
> For assistance obtaining or working with security patches, please
> contact your SGI support provider.
> ------oOo------
> SGI provides a free security mailing list service called wiretap and
> encourages interested parties to self-subscribe to receive (via email) all
> SGI Security Advisories when they are released. Subscribing to the mailing
> list can be done via the Web
> (http://www.sgi.com/support/security/wiretap.html) or by sending email to
> SGI as outlined below.
> % mail wiretap-request{at}sgi.com
> subscribe wiretap 
> end
> ^d
> In the example above,  is the email address
that you wish
> the mailing list information sent to. The word end must be on a separate
> line to indicate the end of the body of the message. The control-d (^d) is
> used to indicate to the mail program that you are finished composing the
> mail message.
>
> ------oOo------
> SGI provides a comprehensive customer World Wide Web site. This site is
> located at http://www.sgi.com/support/security/ .
> ------oOo------
> If there are general security questions on SGI systems, email can be sent to
> security-info{at}sgi.com.
> For reporting *NEW* SGI security issues, email can be sent to
> security-alert{at}sgi.com or contact your SGI support provider. A support
> contract is not required for submitting a security report.
> ____________________________________________________________________________
> __
> This information is provided freely to all interested parties
> and may be redistributed provided that it is not altered in any
> way, SGI is appropriately credited and the document retains and
> includes its valid PGP signature.
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> iQCVAwUBP0pB9LQ4cFApAP75AQEdGAQAtNrjF2RpajRyZOeqzSweDnqUgculBEWk
> DxJej7wn7fLK2u4xWe+plD5TSvZj+9sr6VCI2fZe25bIddmlfy9tp+YNETr9W4/D
> BMcRd7IBLjLfESHbeupWJGsAWFki3Xw3oOVYgQQigKTk/wCS3fnjAgFNdA1rjnzl
> LOAuTzP+Wro=
> =S118
> -----END PGP SIGNATURE-----
> __
>
>

--- BBBS/NT v4.01 Flag-5