Linuxconf mailconf Improper Sendmail Relay Configuration

2002-11-05T09:53:00
ID OSVDB:6066
Type osvdb
Reporter Ademar de Souza Reis Jr.(ademar@conectiva.com.br)
Modified 2002-11-05T09:53:00

Description

Vulnerability Description

Conectiva linuxconf contains a flaw that may allow a remote attacker to send e-mail without authenticating (ie: "spam"). The problem is that linuxconf utility generates the sendmail configuration file (sendmail.cf) with options that configures sendmail to run as an open mail relay.

Solution Description

Upgrade to version 1.29r1 or higher or apply the appropriate patches from Conectiva, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Conectiva linuxconf contains a flaw that may allow a remote attacker to send e-mail without authenticating (ie: "spam"). The problem is that linuxconf utility generates the sendmail configuration file (sendmail.cf) with options that configures sendmail to run as an open mail relay.

References:

Vendor URL: http://www.solucorp.qc.ca/linuxconf/ Vendor Specific Advisory URL Vendor Specific Advisory URL ISS X-Force ID: 10554 CVE-2002-1278 Bugtraq ID: 6118