AIX - Sendmail Vulnerability: CVE-2014-3956

I have an AIX system at 6.1.00 tl9. Is it necessary to install the fix for sendmail-cve-2014-3956?

Does the problem exist only if I go to the internet world?
Dario Vercelli (System administrator) Asked:

dfke Commented:
Hi,

issue:
 lslpp -L | grep -i bos.net.tcp.client

The following fileset levels are vulnerable:

key_fileset = aix

Fileset                    Lower Level  Upper Level KEY
------------------------------------------------------------
bos.net.tcp.client         5.3.12.0     5.3.12.10   key_w_fs
bos.net.tcp.server         5.3.12.0     5.3.12.6    key_w_fs
bos.net.tcp.client         6.1.9.0      6.1.9.315   key_w_fs
bos.net.tcp.client         7.1.4.0      7.1.4.32    key_w_fs
bos.net.tcp.client         7.1.5.0      7.1.5.15    key_w_fs
bos.net.tcp.sendmail       7.2.0.0      7.2.0.2     key_w_fs
bos.net.tcp.sendmail       7.2.1.0      7.2.1.1     key_w_fs
bos.net.tcp.sendmail       7.2.2.0      7.2.2.15    key_w_fs

If listed then I suggest you install SP12 or install the APAR.

It's actually vulnerable to local users.

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Cheers
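
The close-on-exec behaviour named in the CVE text above, as an added example that is not part of the original answer and is not sendmail's source. The helper names are hypothetical, the swapped call is an assumed illustration of an argument-order mistake, and its no-op result relies on F_GETFD and FD_CLOEXEC both being 1, as on Linux.

```c
/* Added example, not sendmail source; all helper names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Correct form: read the flags, then F_SETFD them back with FD_CLOEXEC. */
static void set_cloexec_range(int lowest, int highest)
{
    for (int fd = lowest; fd < highest; fd++) {
        int flags = fcntl(fd, F_GETFD, 0);
        if (flags != -1)
            (void) fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
    }
}

/* Assumed mistake: command and argument swapped, so F_SETFD is never issued. */
static void set_cloexec_range_swapped(int lowest, int highest)
{
    for (int fd = lowest; fd < highest; fd++) {
        int flags = fcntl(fd, F_GETFD, 0);
        if (flags != -1)
            (void) fcntl(fd, flags | FD_CLOEXEC, F_SETFD);
    }
}

/* Audit check: 1 if fd is open and would survive an exec, else 0. */
static int is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD, 0);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Constructed scenario: open two fds, run one helper, count what still leaks. */
static int leaked_after(void (*fix)(int, int))
{
    int a = open("/dev/null", O_RDONLY), b = open("/dev/null", O_RDONLY);
    if (a < 0 || b < 0) return -1;
    fix(a, b + 1);              /* b > a: open() returns the lowest free fd */
    int leaked = is_inheritable(a) + is_inheritable(b);
    close(a); close(b);
    return leaked;
}

int main(void)
{
    printf("correct helper: %d leaked\n", leaked_after(set_cloexec_range));
    printf("swapped helper: %d leaked\n", leaked_after(set_cloexec_range_swapped));
    return 0;
}
```

The same `is_inheritable` check can be run over a process's descriptors just before it executes a helper program, to confirm that nothing above stderr is passed on unintentionally.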

Dario Vercelli (System administrator) Author Commented:
Hi,

If I understand correctly, the vulnerability only concerns the intranet part of local users and cannot be carried out by external users, correct?
dfke Commented:
Hi,

Yes it is a local vulnerability.

Cheers
noci (Software Engineer) Commented:
Local vulnerability concerns users that are ALREADY logged on to equipment.
SSH/TELNET login and then are able to exploit. It doesn't matter if SSH is over internet or intranet, or console..... You need to be logged on to the machine somehow.

If **network is involved..., it is remotely exploitable. (** net intranet is equivalent to internet...) No need to log on through other means first.
dfke Commented:
Hi,

that's all true in general.

Except that no one with a right state of mind will consider using telnetd nowadays or even make an IBM power server, which can cost over $100k a piece easily, directly accessible over the internet.

Cheers
Dario Vercelli (System administrator) Author Commented:
best solution