Patch-ID# 100377-22
Keywords: matching wildcard sendmail uid security performance null owner-alias
Synopsis: SunOS 4.1.3: sendmail jumbo patch
Date: Oct/05/95

Solaris Release: 1.1

SunOS Release: 4.1.3, 4.1.3C

Unbundled Product:

Unbundled Release:

Topic: sendmail jumbo patch

BugId's fixed with this patch: 1144946 1056203 1030087 1068637 1085853 1041284
        1092073 1092650 1093667 1089670 1084351 1142840 1151181 1152199
        1082586 1048259 1160505 1153954 1189411 1191075 1193189 1206859
        1219031 1221146 1219374 1220963

Changes incorporated in this version: 1219031 1221146 1219374 1220963

Relevant Architecture: sparc
NOTE: sun4(all)

Patches which may conflict with this patch:

Obsoleted by:

Problem Description:

Bug ID: 1219031
---------------
race-condition allows normal users to access queue files when they are created

Bug ID: 1221146
---------------
4.x sendmail with main.cf using -om easily core dumps sending to bogus host

Bug ID: 1219374
---------------
The -oR option uses popen() to return undeliverable mail

Bug ID: 1220963
---------------
sendmail suffers buffer overrun problems

Bug ID: 1206859
---------------
sendmail allows users to run programs and append to files remotely.

Bug ID: 1189411
---------------
security loophole using "M" option.

Bug ID: 1191075
---------------
security loophole by tampering with qf files.

Bug ID: 1193189
---------------
sendmail coredumps for unknown users when using "-bv"

Bug ID: 1153954
---------------
unknown user in alias list kills the entire list if the mail is sent from
a remote machine.

Bug ID: 1160505
---------------
sendmail dumps core if a very large debug level is specified.

Bug ID: 1048259
---------------
sendmail does not lookup owner-alias type aliases in nis map.

Bug ID: 1082586
---------------
sendmail does (while (getpwent != NULL)) if getpwnam fails
(This is a backport to SunOS 4.1.x of the fix in production SunOS 5.x)

Bug ID: 1151181
---------------
sendmail security

Bug ID: 1152199
---------------
sendmail .forward capability causes security hole

Bug ID: 1144946
---------------
Sendmail can be used to retrieve system files

Bug ID: 1056203
---------------
Take for example,

    viewlogic.com.      IN  MX  10  suntan.viewlogic.com.
    *.viewlogic.com.    IN  MX  10  suntan.viewlogic.com.

If the system runs sendmail.mx when it comes to a site that has MX records
setup then sendmail.mx will connect back to itself. This causes an
"Internal error" message when sending mail.

Bug ID: 1030087
---------------
sendmail yp aliasing does not work with non sun yp masters

Bug ID: 1068637
---------------
sendmail ignores the .forward file of users with uid values over 32767

Bug ID: 1085853
---------------
security can be subverted with "LD_" environment variables

Bug ID: 1041284
---------------
Sendmail -t fails when nfs mount /var/spool/mail from mailhost

Bug ID: 1092073
---------------
sendmail loops on mail where name of recipient contains eight bit

Bug ID: 1092650
---------------
Sendmail truncates the header if the header length is too long

Bug ID: 1093667
---------------
Sendmail doesn't generate error mail in error conditions.

Bug ID: 1089670
---------------
Sendmail.mx doesn't handle subdomains.

Bug ID: 1084351
---------------
Sendmail gets 550 user unknown during "rcpt to" right after reboot.

Bug ID: 1142840
---------------
Sendmail ignores $HOME parameter in .forward file

INSTALL:

Make a copy of the old files:

    mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.fcs
    mv /usr/lib/sendmail /usr/lib/sendmail.fcs
    mv /usr/lib/sendmail.main.cf /usr/lib/sendmail.main.cf.fcs
    mv /usr/lib/sendmail.subsidiary.cf /usr/lib/sendmail.subsidiary.cf.fcs

Change permissions on old files so they can't be executed:

    chmod 0400 /usr/lib/sendmail.mx.fcs /usr/lib/sendmail.fcs

Install the patched files:

    cp `arch`/`uname -r`/sendmail /usr/lib/sendmail
    cp `arch`/`uname -r`/sendmail.mx /usr/lib/sendmail.mx
    cp sendmail.main.cf /usr/lib/sendmail.main.cf
    cp sendmail.subsidiary.cf /usr/lib/sendmail.subsidiary.cf

Change the owner and file permissions of /usr/lib/sendmail and
/usr/lib/sendmail.mx to match those below:

    chown root.staff /usr/lib/sendmail.mx /usr/lib/sendmail
    chmod 4551 /usr/lib/sendmail.mx /usr/lib/sendmail

    -r-sr-x--x  1 root     staff      155648 Oct 19 17:20 /usr/lib/sendmail
    -r-sr-x--x  1 root     staff      172032 Oct 19 17:20 /usr/lib/sendmail.mx

Kill and restart sendmail and mailtool.
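
A post-install check for the INSTALL steps above, added here as an example (it is not part of Sun's patch): mv keeps the setuid-root bit on the old binaries, so the check confirms the .fcs copies are mode 0400 and the new binaries match the listing. It assumes a POSIX sh and `ls -ld` output with owner and group columns; the function names and the directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: verifies the result of the INSTALL steps (not part of the Sun patch).
# Assumes POSIX sh and `ls -ld` columns: mode, links, owner, group, ...

# check_file PATH MODE OWNER GROUP
# Returns 0 when PATH exists with exactly that mode string and ownership.
# Pass "-" as OWNER or GROUP to skip that comparison.
check_file() {
    path=$1 want_mode=$2 want_owner=$3 want_group=$4
    line=$(ls -ld "$path" 2>/dev/null) || { echo "FAIL $path: missing"; return 1; }
    set -- $line
    # Keep the 10 mode characters; some ls versions append '.' or '+'.
    got_mode=$(printf '%s' "$1" | cut -c1-10)
    got_owner=$3 got_group=$4
    [ "$got_mode" = "$want_mode" ] ||
        { echo "FAIL $path: mode $got_mode, want $want_mode"; return 1; }
    [ "$want_owner" = "-" ] || [ "$got_owner" = "$want_owner" ] ||
        { echo "FAIL $path: owner $got_owner, want $want_owner"; return 1; }
    [ "$want_group" = "-" ] || [ "$got_group" = "$want_group" ] ||
        { echo "FAIL $path: group $got_group, want $want_group"; return 1; }
    echo "ok   $path"
}

# verify_install [LIBDIR [OWNER [GROUP]]]
# Returns the number of failed checks (0 = install matches the README).
verify_install() {
    lib=${1:-/usr/lib} inst_owner=${2:-root} inst_group=${3:-staff} fails=0
    for f in sendmail sendmail.mx; do
        # New binaries: setuid root, mode 4551, as in the listing above.
        check_file "$lib/$f" -r-sr-x--x "$inst_owner" "$inst_group" ||
            fails=$((fails + 1))
        # Old binaries: mv keeps the setuid bit, so chmod 0400 must have run.
        check_file "$lib/$f.fcs" -r-------- - - || fails=$((fails + 1))
    done
    return "$fails"
}

# Usage on the patched host: verify_install /usr/lib root staff
```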