Patch-ID# 100377-05 Keywords: matching, wildcard, sendmail, forward, uid's > 32767, security, LD_ environment variables Synopsis: SunOS 4.1;4.1.x: Sendmail.mx doesn't recognize wildcard, forward, uid's > 32767, "LD_" environment variables can be exploited to subvert security Date: 15-Sept-92 SunOS release: 4.1, 4.1.1, 4.1.2, 4.1.3 Topic: sendmail jumbo patch BugId's fixed with this patch: 1056203, 1030087, 1068637, 1085853, 1041284, 1092073, 1092650, 1093667, 1089670, 1084351 Changes incorporated in this version: 1092073 1092650 1093667 1089670 1084351 Architectures for which this patch is available: sun3(all), sun4(all) Patches which may conflict with this patch: Obsoleted by: Problem Description: Bug ID: 1056203 --------------- Take for example, viewlogic.com. IN MX 10 suntan.viewlogic.com. *.viewlogic.com. IN MX 10 suntan.viewlogic.com. If the system runs sendmail.mx when it comes to a site that has MX records setup then sendmail.mx will connect back to itself. This causes an "Internal error" message when sending mail. Bug ID: 1030087 --------------- Synopsis: sendmail yp aliasing does not work with non sun yp masters Bug ID: 1068637 --------------- sendmail ignores the .forward file of users with uid values over 32767 Bug ID: 1085853 --------------- security can be subverted with "LD_" environment variables Bug ID: 1041284 --------------- Sendmail -t fails when nfs mount /var/spool/mail from mailhost Bug ID: 1092073 --------------- sendmail loops on mail where name of recipient contains eight bit Bug ID: 1092650 --------------- Sendmail truncates the header if the header length is too long Bug ID: 1093667 --------------- Sendmail doesn't generate error mail in error conditions. Bug ID: 1089670 --------------- Sendmail.mx doesn't handle subdomains. Bug ID: 1084351 -------------- Sendmail gets 550 user unknown during "rcpt to" right after reboot. INSTALL: Make a copy of the old files: mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.fcs mv /usr/lib/sendmail /usr/lib/sendmail.fcs Change permissions on old files so they can't be executed: chmod 0400 /usr/lib/sendmail.mx.fcs /usr/lib/sendmail.fcs Install the patched files: cp `arch`/{OS Release}/sendmail /usr/lib/sendmail cp `arch`/{OS Release}/sendmail.mx /usr/lib/sendmail.mx change the owner and file permissions of /usr/lib/sendmail and /usr/lib/sendmail.mx to match those below: chown root.staff /usr/lib/sendmail.mx /usr/lib/sendmail chmod 4551 /usr/lib/sendmail.mx /usr/lib/sendmail -r-sr-x--x 1 root staff 155648 Oct 11 1990 /usr/lib/sendmail.mx -r-sr-x--x 1 root staff 139264 Oct 11 1990 /usr/lib/sendmail Kill and restart sendmail and mailtool.