Patch Name: PHNE_9622 Patch Description: s700_800 10.0X-10 sendmail(1M) cumulative patch Creation Date: 96/12/30 Post Date: 97/02/05 Warning: 97/02/11 - This Non-Critical Warning has been issued by HP. This patch allows unauthorized access once installed. Patches PHNE_9621, PHNE_9622, and PHNE_10033 incorrectly add new user and group entries in the /etc/passwd and /etc/group files. Removing the patches from the system does NOT correct the problem. The recommended solution is to perform the following steps: - grep '^sm[0-9]*' /etc/passwd - locate entries with a ",.." entry in the password field - change ",.." to "*" using vipw(1M) These actions need to be taken whether or not the patch is removed. If the patch was previously removed, still perform these steps. A security bulletin will be released asap to notify customers of this problem. Patch PHNE_8451 will be re-released until a replacement patch is available. Hardware Platforms - OS Releases: s700: 10.00 10.01 10.10 s800: 10.00 10.01 10.10 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN InternetSrvcs.INET-ENG-A-MAN Automatic Reboot?: No Status: General Superseded With Warnings Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_9622 Symptoms: PHNE_9622: 1. Sendmail daemon hangs when unable to process queue message. PHNE_8451: 1. sendmail from PHNE_8321 reports "/usr/lib/dld.sl unresolved symbol dbm_open(CODE)" when run on a 10.01 system. PHNE_8371: 1. Daemon does not accept new incoming SMTP connects if waiting for input on pending SMTP connection and queue processing occurs. PHNE_8067: 1. Patch does not work in 10.01 environments. PHNE_7481: 1. Corrupted msgid in syslog. 2. 250 Reply send to QUIT 3. Access check on files skipped 4. Defunct processes leftover during queue processing 5. X400 site hiding now supported 6. Uppercase local users supported in alias lists PHNE_6990: 1. If a new header was added to sendmail.cf that referenced $u inside <>, $u would not get expanded. PHNE_6834: 1. Newaliases and other sendmail functions would fail with an unresolved libdld reference. PHNE_6782: 1. DNS information which includes invalid characters can cause sendmail to act improperly. 2. The .forward file can be symbolically linked to a root-owned read-only file. Defect Description: PHNE_9622: 1.When sendmail daemon processed the qf (Queue) file and tried to locate the df (Data) file, the file was gone due to the /usr/spool/mqueue may be full or nfile, ninode full. Then the sendmail will hang up with take CPU forever. PHNE_8451: 1. Patch built in 10.10 environment. PHNE_8371: 1. Signal handling defaults were improperly set. PHNE_8067: 1. Patch built in 10.10 environment. PHNE_7481: 1. Only checked for first < in headers.c logic. 2. 050 Informational code not prepended to remote VERBose 3. Access check not performed properly 4. Using signals instead of wait to clean up after children 5. Ruleset changes added to support X400 site hiding 6. Ignored alias expansions for lowercase conversion PHNE_6990: 1. Macro expansion only took place for $u if it was alone on the RHS of the header line. PHNE_6834: 1. Sendmail was built in a 10.10 environment instead of a 10.0. Sendmail has been rebuilt to work in all three environments. PHNE_6782: 1. Sendmail now looks for newlines and other characters in DNS/resolver calls, and properly safeguards against possible damage. 2. The .forward file can no longer be a symbolic link. SR: 1653182204 5003319343 1653151860 1653135467 5003313601 5003312983 1653160473 4701313007 1653157529 1653160499 5000716258 4701338698 Patch Files: /usr/sbin/sendmail /usr/newconfig/etc/mail/sendmail.cf /usr/sbin/smrsh /usr/share/man/man1m.Z/smrsh.1m what(1) Output: /usr/sbin/sendmail: Copyright (c) 1988 Regents of the University of Cali fornia. version.c $Revision: 1.40.112.11 $ PHNE_9622 $Date: 97/02/04 01:35:56 $ version.c 5.65 (Berkeley) 8/29/90 /usr/newconfig/etc/mail/sendmail.cf: $Revision: 1.30.112.2 $ /usr/sbin/smrsh: smrsh.c 8.3 (Berkeley) 9/12/95 /usr/share/man/man1m.Z/smrsh.1m: (none) cksum(1) Output: 1857355652 176128 /usr/sbin/sendmail 1992585881 12288 /usr/sbin/smrsh 1407764920 75914 /usr/newconfig/etc/mail/sendmail.cf 1647898701 2555 /usr/share/man/man1m.Z/smrsh.1m Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_6782 PHNE_6834 PHNE_6990 PHNE_7481 PHNE_8067 PHNE_8371 PHNE_8451 Equivalent Patches: None Patch Package Size: 320 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_9622 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_9622.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_9622.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_9622. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_9622.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_9622.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: When this patch is installed on the system, a unique user account is created automatically, to be used exclusively for the DefaultUser (Ou) sendmail configuration option, instead of the usual value root. smrsh (Sendmail Restricted Shell) is the shell used for the prog mailer, instead of /sbin/sh. smrsh sharply limits the commands that can be run using the "|program" syntax in a .forward file. See smrsh(1m) for more details.