The Community Forums


sendmail vuln.

Discussion in 'E-mail Discussions' started by s3kk3y, Mar 3, 2003.

  1. s3kk3y

    s3kk3y Well-Known Member

  2. hyrum

    hyrum Member

    I was just coming to ask the same thing :) A fairly big exploit by the sounds of it.
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    It's going into our servers now.

    This is from the RH Advisory System
    Red Hat Network has determined that the following advisory is applicable to one or more of the systems you have registered:


    Security Advisory - RHSA-2003:073-06
    ------------------------------------------------------------------------------
    Summary:
    Updated sendmail packages fix critical security issues
     
  4. xsenses

    xsenses Well-Known Member

    So what is the vote, manual upgrade?
     
  5. hyrum

    hyrum Member

    Hmm, would be nice to see it packaged in a Cpanel update :)
     
  6. cretu

    cretu Well-Known Member

    Will there be, then, an update on this?

    Cretu
     
  7. Curious Too

    Curious Too Well-Known Member

    cPanel uses Exim -- /usr/lib/sendmail and /usr/sbin/sendmail are actually symlinked to Exim.
     
  8. cretu

    cretu Well-Known Member

    So, should I patch sendmail with the rpm from Red Hat or not?
    Sorry for my ignorance, but I really seek clear answers.

    Cretu
     
  9. xsenses

    xsenses Well-Known Member

    "Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly."

    From RedHat Network
     
  10. rpmws

    rpmws Well-Known Member

    I think I am seeing this now in my logs. I have 2 IPs hitting my mail server. Each one hits at different times. About 200 hits and then it stops for 5 minutes. The IPs are RIPE IPs.

    I don't think we can be infected or compromised but it is causing my mail server to bog down already :(
     
  11. xsenses

    xsenses Well-Known Member

    So since Exim is in use this exploit does not apply - correct?
     
  12. ozzi4648

    ozzi4648 Guest

    Show me a snippet of those server hits. I want to see what you're referring to.
     
  13. rpmws

    rpmws Well-Known Member

    It's calmed down now, but just today and yesterday over 100K of these below and 80K from the other IP. No other large mail issues. 30 in queue. No spam going out. I don't know, maybe I am wrong, but I have never seen this before.


    2003-03-03 14:53:41 18pw0K-000487-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:53:50 18pw0S-00048z-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:53:55 18pw0Y-00049t-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:02 18pw0f-0004A3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:07 18pw0k-0004AQ-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:14 18pw0r-0004B3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:20 18pw0x-0004BA-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
     
    #13 rpmws, Mar 4, 2003
    Last edited: Mar 4, 2003
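Added example, not part of the original posts: a per-source tally of Exim "rejected from" lines in the format quoted above, to see which addresses account for the volume before deciding on a firewall rule. The function names and the sample lines (documentation-range IPs, example.* names) are constructed for illustration.

```shell
#!/bin/sh
# sample_log: CONSTRUCTED lines in the same layout as the log excerpt above.
sample_log() {
cat <<'EOF'
2003-03-03 14:53:41 18pw0K-000001-00 rejected from relay.example.net (ernst) [192.0.2.10]: can't currently verify any sender in the header lines (envelope sender is <a@example.com>) - try later
2003-03-03 14:53:50 18pw0S-000002-00 rejected from relay.example.net (ernst) [192.0.2.10]: can't currently verify any sender in the header lines (envelope sender is <a@example.com>) - try later
2003-03-03 14:53:52 18pw0T-000003-00 rejected from other.example.org (mx) [198.51.100.7]: can't currently verify any sender in the header lines (envelope sender is <b@example.com>) - try later
2003-03-03 14:53:55 18pw0Y-000004-00 rejected from relay.example.net (ernst) [192.0.2.10]: can't currently verify any sender in the header lines (envelope sender is <a@example.com>) - try later
2003-03-03 14:54:00 18pw0Z-000005-00 rejected from other.example.org (mx) [198.51.100.7]: can't currently verify any sender in the header lines (envelope sender is <b@example.com>) - try later
2003-03-03 14:54:02 18pw0f-000006-00 rejected from relay.example.net (ernst) [192.0.2.10]: can't currently verify any sender in the header lines (envelope sender is <a@example.com>) - try later
2003-03-03 14:55:00 18pw1A-000007-00 <= user@example.com H=mail.example.net [203.0.113.5] P=esmtp S=1024
EOF
}

# reject_tally [MIN]: read an Exim main log on stdin and print
# "COUNT IP FIRST_SEEN LAST_SEEN" for every source IP with at least MIN
# rejected messages, busiest source first.
reject_tally() {
    awk -v min="${1:-1}" '
        $4 == "rejected" && $5 == "from" {
            # The source address is the first [bracketed] field after "from".
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^\[[0-9a-fA-F.:]+\]:?$/) {
                    ip = $i
                    sub(/^\[/, "", ip)
                    sub(/\]:?$/, "", ip)
                    if (!(ip in n)) first[ip] = $1 "T" $2
                    n[ip]++
                    last[ip] = $1 "T" $2
                    break
                }
            }
        }
        END {
            for (ip in n)
                if (n[ip] >= min) print n[ip], ip, first[ip], last[ip]
        }
    ' | sort -rn
}

# Demo on the constructed sample: sources with 3 or more rejects.
sample_log | reject_tally 3
```

On a live server, feed the Exim main log to `reject_tally` on stdin with a threshold that matches the volume you are investigating.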
  14. ozzi4648

    ozzi4648 Guest

    I don't know if you can call those the exploit hits, but I can tell you that if I were you I would just plop those UK IPs into my firewall for good.
     
  15. rpmws

    rpmws Well-Known Member

    already did
     
  16. georgiabill

    georgiabill Member

    This exploit allows for root access which means your server could be compromised. This is a CRITICAL vulnerability. This needs to be fixed immediately.
     
  17. cPanelNick

    cPanelNick Administrator
    Staff Member

    cPanel does not use sendmail. It uses Exim. Exim doesn't have this problem. Therefore you can sit back and relax and be happy that your server is "sendmail free".
     
  18. Website Rob

    Website Rob Well-Known Member

    Since the mentioned article didn't see fit to include a URL for the patch, anyone know where to get it? I'd look for it myself, but I'm doing 3 things right now and don't want to overload myself. ;)
     
  19. georgiabill

    georgiabill Member

    Okay. But why does "sendmail" show up as a process (Under "crond") on my RH Linux 6.2 server running Cpanel 6?

    [root@ns log]# pstree -p
    init(1)-+-antirelayd(14674)
    |-chkservd(1791)
    |-cpaneld(1822)
    |-cpaneld(16234)---cpanel(16402)
    |-cpaneld(16372)
    |-cpaneld(16530)
    |-cpaneld(16550)
    |-cpaneld(16570)
    |-cpanellogd(1820)
    |-cppop(1840)
    |-crond(1714)---crond(18656)-+-java(18662)---java(18692)-+-java(18693)
    | | |-java(18694)
    | | |-java(18695)
    | | `-java(18711)
    | `-sendmail(18710)
    |-dsmcad(2310)---dsmcad(2312)-+-dsmcad(2313)
    | `-dsmcad(2314)
    |-entropychat(1850)
    |-exim(2042)-+-exim(9234)---exim(16533)
    | `-exim(16535)
     
  20. xnull

    xnull Well-Known Member

    Because he's wrong :) At least in some instances. Our server came with Sendmail and Cpanel/WHM. And we use sendmail sometimes. And it is probably -on- most servers since it's a default packaged item in unix/linux.
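
Added example, not part of the thread and not cPanel's own tooling: a process started through a symlink keeps the symlink's name in `pstree`, so the way to settle the question in the last two posts is to resolve what the `sendmail` paths and the running `sendmail` PID actually point at. The function names are hypothetical, the paths and PID are the ones quoted above, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# resolve_mta PATH
# Follow every symlink in PATH and classify the real binary by its name.
# Prints: exim | sendmail | other:<name> | missing
resolve_mta() {
    [ -e "$1" ] || { echo missing; return 0; }
    real=$(readlink -f -- "$1") || { echo missing; return 0; }
    name=$(basename -- "$real")
    case "$name" in
        exim*)     echo exim ;;
        sendmail*) echo sendmail ;;      # a real Sendmail binary: needs the vendor update
        *)         echo "other:$name" ;;
    esac
}

# pid_mta PID [PROCROOT]
# Same classification for a running process, via the /proc/<pid>/exe link,
# which points at the executable regardless of the name shown by pstree.
pid_mta() {
    resolve_mta "${2:-/proc}/$1/exe"
}

# audit_sendmail_paths [ROOT]
# Report on the two paths named earlier in the thread. ROOT is an optional
# prefix (for example a mounted image); empty means the live filesystem.
audit_sendmail_paths() {
    root=${1:-}
    for p in /usr/lib/sendmail /usr/sbin/sendmail; do
        printf '%s -> %s\n' "$p" "$(resolve_mta "$root$p")"
    done
}

# Report for the machine this runs on.
audit_sendmail_paths
```

For a process listed as `sendmail(18710)` in `pstree`, `pid_mta 18710` run as root while it is alive reports which binary it really is.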
     