-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		Linux: sendmail smrsh bypass vulnerabilities 
Advisory number: 	CSSA-2002-052.1
Issue date: 		2002 December 18
Cross reference:
______________________________________________________________________________


1. Problem Description

	From the iDEFENSE Security Advisory 10.01.02:

	It is possible for an attacker to bypass the restrictions
	imposed by The Sendmail Consortium's Restricted Shell (SMRSH)
	and execute a binary of his choosing by inserting a special
	character sequence into his .forward file. SMRSH is an
	application intended as a replacement for sh for use in
	Sendmail.

	This update of the fix allows the fix to co-exist with
	Volution Messaging Server.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-12.i386.rpm
					prior to sendmail-cf-8.11.6-12.i386.rpm
					prior to sendmail-doc-8.11.6-12.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-12.i386.rpm
					prior to sendmail-cf-8.11.6-12.i386.rpm
					prior to sendmail-doc-8.11.6-12.i386.rpm

	OpenLinux 3.1 Server		prior to sendmail-8.11.6-12.i386.rpm
					prior to sendmail-cf-8.11.6-12.i386.rpm
					prior to sendmail-doc-8.11.6-12.i386.rpm

	OpenLinux 3.1 Workstation	prior to sendmail-8.11.6-12.i386.rpm
					prior to sendmail-cf-8.11.6-12.i386.rpm
					prior to sendmail-doc-8.11.6-12.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.1/RPMS

	4.2 Packages

	bf7454833a8cc2e6d027008cb2b02ff3	sendmail-8.11.6-12.i386.rpm
	c1bb108e26d866d421a0a24907a9b856	sendmail-cf-8.11.6-12.i386.rpm
	3284ba3958a0e126ef17fe33165ad163	sendmail-doc-8.11.6-12.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-12.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-052.1/SRPMS

	4.5 Source Packages

	606b7d7a5175569a45cd014cee767cc0	sendmail-8.11.6-12.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.1/RPMS

	5.2 Packages

	28ab181ca49b1cf17e7571ebbb004f2e	sendmail-8.11.6-12.i386.rpm
	78c44ccf24cc5aa529eada07ced776e4	sendmail-cf-8.11.6-12.i386.rpm
	b0cd65ef701d2b2bea97be573788da9f	sendmail-doc-8.11.6-12.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-12.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-052.1/SRPMS

	5.5 Source Packages

	814c27e1d87b05c4d5cdcb900ef6e1c9	sendmail-8.11.6-12.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.1/RPMS

	6.2 Packages

	3f60d6bab2d46bc35fcd0385ed8daaa6	sendmail-8.11.6-12.i386.rpm
	dd058b6201a2c35331d4f285cd555065	sendmail-cf-8.11.6-12.i386.rpm
	55f9653147bc0e22c3ea501a4aba95b2	sendmail-doc-8.11.6-12.i386.rpm

	6.3 Installation

	rpm -Fvh sendmail-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-12.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-052.1/SRPMS

	6.5 Source Packages

	f970e13261013bf12425822ebcdedcc9	sendmail-8.11.6-12.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.1/RPMS

	7.2 Packages

	747426f8b202671e54a2dd9475db877c	sendmail-8.11.6-12.i386.rpm
	60f13bf997af7068c492b06ba71dca4a	sendmail-cf-8.11.6-12.i386.rpm
	8a4daa0100687d90904473d2fd86f8e4	sendmail-doc-8.11.6-12.i386.rpm

	7.3 Installation

	rpm -Fvh sendmail-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-12.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-12.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-052.1/SRPMS

	7.5 Source Packages

	f84dd1a182bf2f9d23c0de1e6fcce8a9	sendmail-8.11.6-12.src.rpm


8. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr869922, fz526234,
	erg712134.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	zen-parse (zen-parse@gmx.net) and Pedram Amini
	(pamini@idefense.com) discovered and researched these
	vulnerabilities.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj4A3bYACgkQbluZssSXDTHAoACffta3NMLwz8IAU7dFmYrM35ne
uZAAoKL+aU1fW5NF8KkpL75UD9ChRJF7
=IsqI
-----END PGP SIGNATURE-----