Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:083 (sendmail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50854

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:083 (sendmail)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to sendmail
announced via advisory MDKSA-2002:083.

A vulnerability was discovered by zen-parse and Pedram Amini in the
sendmail MTA. They found two ways to exploit smrsh, an application
intended as a replacement for the sh shell for use with sendmail
the
first by inserting specially formatted commands in the ~
/.forward file
and secondly by calling smrsh directly with special options. These
can be exploited to give users with no shell account, or those not
permitted to execute certain programs or commands, the ability to bypass
these restrictions.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1165
http://www.sendmail.org/smrsh.adv.txt

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: BugTraq ID: 5845
Common Vulnerability Exposure (CVE) ID: CVE-2002-1165
http://www.securityfocus.com/bid/5845
Bugtraq: 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities (Google Search)
http://marc.info/?l=bugtraq&m=103350914307274&w=2
Caldera Security Advisory: CSSA-2002-052.0
Conectiva Linux advisory: CLA-2002:532
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
FreeBSD Security Advisory: FreeBSD-SA-02:41
http://www.mandriva.com/security/advisories?name=MDKSA-2002:083
NETBSD Security Advisory: NetBSD-SA2002-023
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://secunia.com/advisories/7826
SGI Security Advisory: 20030101-01-P
http://www.iss.net/security_center/static/10232.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50854
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:083 (sendmail)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sendmail announced via advisory MDKSA-2002:083. A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail the first by inserting specially formatted commands in the ~ /.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1165 http://www.sendmail.org/smrsh.adv.txt Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	BugTraq ID: 5845 Common Vulnerability Exposure (CVE) ID: CVE-2002-1165 http://www.securityfocus.com/bid/5845 Bugtraq: 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=103350914307274&w=2 Caldera Security Advisory: CSSA-2002-052.0 Conectiva Linux advisory: CLA-2002:532 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532 FreeBSD Security Advisory: FreeBSD-SA-02:41 http://www.mandriva.com/security/advisories?name=MDKSA-2002:083 NETBSD Security Advisory: NetBSD-SA2002-023 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc http://www.redhat.com/support/errata/RHSA-2003-073.html http://secunia.com/advisories/7826 SGI Security Advisory: 20030101-01-P http://www.iss.net/security_center/static/10232.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com