HP3000-L Archives

March 2003, Week 4

HP3000-L@RAVEN.UTC.EDU

From: James Hofmeister
Date: Thu, 27 Mar 2003 05:04:06 GMT

Hello ALL @ 3000-L,

RE: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail

--------------------------------------------------
Though the people who discovered the problem
explicitly state:

"Protection mechanisms such as implementation of a
non-executable stack do not offer any protection
from exploitation of this vulnerability."

http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
--------------------------------------------------

A number of "MPE" features protect the HP-e3K from exploitation by
hackers...

. MPE has a barrier between code objects and data objects
. MPE does not support modifiable code objects
. MPE has a barrier between process stack and system objects
. MPE does not support execution of objects within the buffer manager

... and through obscurity MPE has additional protection

. MPE does not implement a root logon
. MPE trap handlers are unique to MPE

In the case of this CERT, a Sendmail executable object could be
received and executed, but on the HP-e3K would be limited to data on
the Sendmail process stack (it would trap if it read or wrote beyond
the process stack) or to calls to intrinsic/procedure request for
system objects that Sendmail already has the capability of reading.

The CERT specifies the threat is "Attackers may remotely exploit this
vulnerability to gain "root" or superuser control of any vulnerable
Sendmail server".

Several points here limit the concern on the HP-e3K...  MPE does not
support a root logon.  Logon & passwords are not on the process stack.
If writing over the process stack does not terminate the process first,
writing past the end of stack will initiate an MPE trap handler and
terminate the process.  The MPE trap handlers are unique to MPE and
would involve significant MPE internals knowledge to set a trap handler
to run alternate code.

Bottom line, the concern for this CERT for Sendmail on MPE systems is
the premature termination of Sendmail processes.  This can be avoided
by installing the recommended patches.

I hope this helps.

Regards,

James Hofmeister
Hewlett Packard - Global Solutions Engineering (WTEC)
P.S. My Ideals are my own, not necessarily my employers.



