CVE-2004-0833
CVSS7.5
发布时间 :2004-12-23 00:00:00
修订时间 :2008-09-10 15:27:57
NMCOPS    

[原文]Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.


[CNNVD]Debian GNU/Linux Sendmail包默认SASL密码漏洞(CNNVD-200412-120)

        使用sasl和sasl-binDebian的 GNU/Linux的Sendmail 8.12.3以前版本使用带有固定用户名和密码的Sendmail脚本时存在漏洞。远程攻击者可以利用该漏洞将Sendmail作为开放邮件中继使用并发送spam信息。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0Debian Debian Linux 3.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0833
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0833
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-120
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/17531
(VENDOR_ADVISORY)  XF  sendmail-mail-relay(17531)
http://www.securityfocus.com/bid/11262
(VENDOR_ADVISORY)  BID  11262
http://www.debian.org/security/2004/dsa-554
(VENDOR_ADVISORY)  DEBIAN  DSA-554
http://secunia.com/advisories/12667
(UNKNOWN)  SECUNIA  12667

- 漏洞信息

Debian GNU/Linux Sendmail包默认SASL密码漏洞
高危 设计错误
2004-12-23 00:00:00 2005-10-20 00:00:00
远程  
        使用sasl和sasl-binDebian的 GNU/Linux的Sendmail 8.12.3以前版本使用带有固定用户名和密码的Sendmail脚本时存在漏洞。远程攻击者可以利用该漏洞将Sendmail作为开放邮件中继使用并发送spam信息。

- 公告与补丁

        The vendor has released an advisory (DSA 554-1) along with fixes to address this issue.
        Debian Linux 3.0 hppa
        
        Debian Linux 3.0 ppc
        
        Debian Linux 3.0 s/390
        
        Debian Linux 3.0
        
        Debian Linux 3.0 arm
        
        Debian Linux 3.0 alpha
        
        Debian Linux 3.0 mips
        
        Debian Linux 3.0 mipsel
        
        Debian Linux 3.0 ia-32
        
        Debian Linux 3.0 sparc
        
        Debian Linux 3.0 m68k
        
        Debian Linux 3.0 ia-64
        

- 漏洞信息 (F34504)

dsa-554.txt (PacketStormID:F34504)
2004-10-01 00:00:00
Hugo Espuny  debian.org
advisory
linux,debian
CVE-2004-0833
[点击下载]

Debian Security Advisory DSA 554-1 - When installing sasl-bin to use sasl in connection with sendmail, the sendmail configuration script uses fixed user/password information to initialize the sasl database. Any spammer with Debian systems knowledge could utilize such a sendmail installation to relay spam.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 554-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 27th, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : sendmail
Vulnerability  : pre-set password
Problem-Type   : remote
Debian-specific: yes
CVE ID         : CAN-2004-0833

Hugo Espuny discovered a problem in sendmail, a commonly used program
to deliver electronic mail.  When installing "sasl-bin" to use sasl in
connection with sendmail, the sendmail configuration script use fixed
user/pass information to initialise the sasl database.  Any spammer
with Debian systems knowledge could utilise such a sendmail
installation to relay spam.

For the stable distribution (woody) this problem has been fixed in
version 8.12.3-7.1.

For the unstable distribution (sid) this problem has been fixed in
version 8.13.1-13.

We recommend that you upgrade your sendmail package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1.dsc
      Size/MD5 checksum:      751 f87d51444a4f2e04a59fafeb7f097bbc
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1.diff.gz
      Size/MD5 checksum:   258790 c2f8dcc37edf99eada5fb65b26bb9e72
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
      Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-7.1_all.deb
      Size/MD5 checksum:   747880 2ae5775f103472f8f7941e0662786930

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_alpha.deb
      Size/MD5 checksum:   267968 69dab41dfc47d348ec7ee5603971c68b
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_alpha.deb
      Size/MD5 checksum:  1109604 9f64220f46ac154f7426450478f101dc

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_arm.deb
      Size/MD5 checksum:   247700 6bb4396b026113ec4e12026377a18d17
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_arm.deb
      Size/MD5 checksum:   979550 718d6fb7066f753dcba7c71aa7d76ed0

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_i386.deb
      Size/MD5 checksum:   237456 111a0ee4b50eafdfdf89845dc633aa1b
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_i386.deb
      Size/MD5 checksum:   918104 ad5cc37cb435ed63022ab3a16ae01f6e

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_ia64.deb
      Size/MD5 checksum:   282146 360db5037b71cb5eab9015ae8292aca3
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_ia64.deb
      Size/MD5 checksum:  1332930 f25bedb4ac5beb5372a704a99dc4d2ac

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_hppa.deb
      Size/MD5 checksum:   261806 5aebadbfa1f4c5b63a97034a5bdd3b5a
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_hppa.deb
      Size/MD5 checksum:  1081296 1fc96f0e94f384c4f8007358243a4e5e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_m68k.deb
      Size/MD5 checksum:   231282 8d498605748163c67d9ff0f467e01966
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_m68k.deb
      Size/MD5 checksum:   866108 b41e130ed77f5224f80178375f25664c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_mips.deb
      Size/MD5 checksum:   255334 699b5f21580f659cd22311150bf0ba5c
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_mips.deb
      Size/MD5 checksum:  1022342 2b627d3fdc4c7c9841c6d150b33c1c2a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_mipsel.deb
      Size/MD5 checksum:   255012 d2a7cf6d78b43bf701b836d0224c3b09
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_mipsel.deb
      Size/MD5 checksum:  1022760 9376daf26c909df8cfd6017861c9a423

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_powerpc.deb
      Size/MD5 checksum:   257484 698ab817f07d5f0d2c4acce2953f1a47
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_powerpc.deb
      Size/MD5 checksum:   978892 b6ee12aaa79ac88ba86c082e76292222

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_s390.deb
      Size/MD5 checksum:   242818 62ee8100f00289f61c741152055b6547
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_s390.deb
      Size/MD5 checksum:   966586 7c1eadeda33234516b07f8241cb88b9d

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_sparc.deb
      Size/MD5 checksum:   245470 17ff10779b02a0d5d278e2ba4221b6c6
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_sparc.deb
      Size/MD5 checksum:   982828 f791b2399d1b7dba4ec770ab08a68e0b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBWFV5W5ql+IAeqTIRAogmAJwMuD69yyiTzYLDYSznqZ2B6e7Z4wCfXfrB
LK6qiE4EbeeNKoV4sQrnvB8=
=HUT6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
    

- 漏洞信息

10374
Sendmail 'sasl-bin' on Debian Linux Arbitrary Mail Relay
Remote / Network Access Authentication Management
Loss of Integrity
Exploit Unknown

- 漏洞描述

Debian Linux sendmail contains a flaw that may allow a malicious user to relay email. It is possible that the flaw may allow the sendmail installation to be used as for sending spam resulting in a loss of integrity.

- 时间线

2004-09-28 Unknow
Unknow Unknow

- 解决方案

For users of the stable version (woody) upgrade to 8.12.3-7.1 or higher, as it has been reported to fix this vulnerability. For users of the unstable version (sid) 8.13.1-13 or higher as this has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Debian GNU/Linux Sendmail Package Default SASL Password Vulnerability
Design Error 11262
Yes No
2004-09-27 12:00:00 2009-07-12 07:06:00
Hugo Espuny disclosed this vulnerability to the vendor.

- 受影响的程序版本

Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- 漏洞讨论

It is reported that the Sendmail package contained in the Debian GNU/Linux operating system is prone to a default password vulnerability, potentially allowing unauthorized use of the Sendmail MTA. This would likely facilitate UCE (Unsolicited Commercial Email, or SPAM) message relaying through affected installations.

Versions of the Debian Sendmail packages prior to 8.12.3-7.1 for Debian stable (woody), and versions prior to 8.13.1-13 for Debian unstable (sid) are reported vulnerable.

- 漏洞利用

An exploit is not required.

- 解决方案

The vendor has released an advisory (DSA 554-1) along with fixes to address this issue.


Debian Linux 3.0 hppa

Debian Linux 3.0 ppc

Debian Linux 3.0 s/390

Debian Linux 3.0

Debian Linux 3.0 arm

Debian Linux 3.0 alpha

Debian Linux 3.0 mips

Debian Linux 3.0 mipsel

Debian Linux 3.0 ia-32

Debian Linux 3.0 sparc

Debian Linux 3.0 m68k

Debian Linux 3.0 ia-64

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站