sendmail vuln.

Discussion in 'E-mail Discussion' started by s3kk3y, Mar 3, 2003.

  1. s3kk3y

    s3kk3y Well-Known Member

  2. hyrum

    hyrum Member

    I was just coming to ask the same thing :) A fairly big exploit by the sounds of it.
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    It's going into our servers now.

    This is from the RH Advisory System
    Red Hat Network has determined that the following advisory is applicable to one or more of the systems you have registered:


    Security Advisory - RHSA-2003:073-06
    ------------------------------------------------------------------------------
    Summary:
    Updated sendmail packages fix critical security issues
     
  4. xsenses

    xsenses Well-Known Member

    So what is the vote, manual upgrade?
     
  5. hyrum

    hyrum Member

    Hmm, would be nice to see it packaged in a Cpanel update :)
     
  6. cretu

    cretu Well-Known Member

    Will there be an update on this, then?

    Cretu
     
  7. Curious Too

    Curious Too Well-Known Member

    cPanel uses Exim -- /usr/lib/sendmail and /usr/sbin/sendmail are actually symlinked to Exim.
     
  8. cretu

    cretu Well-Known Member

    So, should I patch the sendmail with the rpm from Red Hat or not?
    Sorry for my ignorance but I really seek clear answers.

    Cretu
     
  9. xsenses

    xsenses Well-Known Member

    "Since this is a message-based vulnerability, MTAs other than Sendmail may pass on the carefully crafted message. This means that unpatched versions of Sendmail inside a network could still be at risk even if they do not accept external connections directly."

    From RedHat Network
     
  10. rpmws

    rpmws Well-Known Member

    I think I am seeing this now in my logs. I have 2 IPs hitting my mail server. Each one hits at different times: about 200 hits, and then it stops for 5 minutes. The IPs are RIPE IPs.

    I don't think we can be infected or compromised but it is causing my mail server to bog down already :(
     
  11. xsenses

    xsenses Well-Known Member

    So since Exim is in use this exploit does not apply - correct?
     
  12. ozzi4648

    ozzi4648 Guest

    Show me a snippet of those server hits. I want to see what you're referring to.
     
  13. rpmws

    rpmws Well-Known Member

    It's calmed down now, but just today and yesterday there were over 100K of these below and 80K from the other IP. No other large mail issues. 30 in queue. No spam going out. I don't know, maybe I am wrong, but I have never seen this before.


    2003-03-03 14:53:41 18pw0K-000487-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:53:50 18pw0S-00048z-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:53:55 18pw0Y-00049t-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:02 18pw0f-0004A3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:07 18pw0k-0004AQ-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:14 18pw0r-0004B3-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
    2003-03-03 14:54:20 18pw0x-0004BA-00 rejected from no-reverse.interalpha.net (ernst) [195.26.229.10]: can't currently verify any sender in the header lines (envelope sender is <newmanrt@columbus.rr.com>) - try later
     
    #13 rpmws, Mar 4, 2003
    Last edited: Mar 4, 2003
  14. ozzi4648

    ozzi4648 Guest

    I don't know if you can call those the exploit hits, but I can tell you that if I were you I would just plop those UK IPs into my firewall for good.
     
  15. rpmws

    rpmws Well-Known Member

    already did
     
  16. georgiabill

    georgiabill Member

    This exploit allows for root access which means your server could be compromised. This is a CRITICAL vulnerability. This needs to be fixed immediately.
     
  17. cPanelNick

    cPanelNick Administrator
    Staff Member

    cPanel does not use sendmail. It uses Exim. Exim doesn't have this problem. Therefore you can sit back and relax and be happy that your server is "sendmail free".
     
  18. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,504
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Since the mentioned article didn't see fit to include a URL for the patch, anyone know where to get it? I'd look for it myself, but I'm doing 3 things right now and don't want to overload myself. ;)
     
  19. georgiabill

    georgiabill Member

    Okay. But why does "sendmail" show up as a process (Under "crond") on my RH Linux 6.2 server running Cpanel 6?

    [root@ns log]# pstree -p
    init(1)-+-antirelayd(14674)
            |-chkservd(1791)
            |-cpaneld(1822)
            |-cpaneld(16234)---cpanel(16402)
            |-cpaneld(16372)
            |-cpaneld(16530)
            |-cpaneld(16550)
            |-cpaneld(16570)
            |-cpanellogd(1820)
            |-cppop(1840)
            |-crond(1714)---crond(18656)-+-java(18662)---java(18692)-+-java(18693)
            |                            |                           |-java(18694)
            |                            |                           |-java(18695)
            |                            |                           `-java(18711)
            |                            `-sendmail(18710)
            |-dsmcad(2310)---dsmcad(2312)-+-dsmcad(2313)
            |                             `-dsmcad(2314)
            |-entropychat(1850)
            |-exim(2042)-+-exim(9234)---exim(16533)
            |            `-exim(16535)
     
  20. xnull

    xnull Well-Known Member

    Joined:
    Sep 9, 2001
    Messages:
    156
    Likes Received:
    0
    Trophy Points:
    316
    Because he's wrong :) At least in some instances. Our server came with Sendmail and Cpanel/WHM. And we use sendmail sometimes. And it is probably -on- most servers since it's a default packaged item in unix/linux.
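
The thread turns on whether `/usr/sbin/sendmail` and `/usr/lib/sendmail` are symlinks to Exim (post 7) or a real sendmail binary (posts 19 and 20). The script below is an added example, not code from any poster or from cPanel; it resolves both paths and, for a process listed as `sendmail`, the binary behind `/proc/PID/exe`. The function names, the verdict strings and the `root` and `procroot` parameters are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: find out which MTA really sits behind the sendmail paths.

# Follow any symlink chain and print the real binary's file name.
resolve_mta() {
    local target
    target=$(readlink -f -- "$1" 2>/dev/null) || { echo "missing"; return 0; }
    [ -e "$target" ] || { echo "missing"; return 0; }
    basename -- "$target"
}

# Verdict for a filesystem root (hypothetical parameter, default /):
#   absent             neither path exists
#   other-mta:NAME     paths resolve to another binary, e.g. exim
#   sendmail-candidate a path resolves to a file named sendmail
sendmail_exposure() {
    local root=${1:-/} p real verdict="absent"
    for p in usr/sbin/sendmail usr/lib/sendmail; do
        real=$(resolve_mta "${root%/}/$p")
        case $real in
            missing) ;;
            # sendmail.sendmail is the name used by Red Hat's alternatives layout
            sendmail|sendmail.sendmail) verdict="sendmail-candidate" ;;
            *) if [ "$verdict" = "absent" ]; then verdict="other-mta:$real"; fi ;;
        esac
    done
    echo "$verdict"
}

# A process shown as "sendmail" may be another MTA started through the
# symlink; /proc/PID/exe names the binary actually running.
# procroot is a hypothetical parameter so the check can be tested offline.
process_binary() {
    local pid=$1 procroot=${2:-/proc}
    resolve_mta "$procroot/$pid/exe"
}

# Run directly (not sourced): report on the live system.
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ -z "${NO_MAIN:-}" ]; then
    sendmail_exposure /
fi
```

A `sendmail-candidate` result only says the path is a real file with that name; `rpm -qf` on the resolved path shows which package owns it and therefore whether the Red Hat sendmail update applies.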
     