Debian Linux sendmail creates temporary files insecurely

sendmail-tmpfile-insecure (12018) The risk level is classified as HighHigh Risk

Description:

The sendmail package included with Debian Linux could allow a remote attacker to gain elevated privileges. Sendmail, a Mail Transport Agent (MTA) used on many operating systems, creates temporary files insecurely in the expn, checksendmail, and doublebounce.pl scripts. This vulnerability could allow a local attacker to gain privileges of the script user, possibly root.

Platforms Affected:

  • Debian, Debian Linux 2.2
  • Debian, Debian Linux 3.0

Remedy:

For Debian GNU/Linux:
Upgrade to the latest sendmail package, as listed below. Refer to DSA-305-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 8.9.3-26.1 or later
Debian GNU/Linux 3.0 (woody): 8.12.3-6.4 or later

Consequences:

Gain Privileges

References:

  • BID-7614: Sendmail Insecure Temporary File Privilege Escalation Vulnerability
  • CVE-2003-0308: The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
  • DSA-305: sendmail -- insecure temporary files

Reported:

May 15, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page