AIX sendmail.cf Configuration Unauthorized Mail Relay

2003-05-13T00:00:00
ID OSVDB:7993
Type osvdb
Reporter Tom E. Perrine(tep@sdsc.edu)
Modified 2003-05-13T00:00:00

Description

Vulnerability Description

IBM AIX contains a flaw that may allow a malicious user to relay mail. The issue is triggered when AIX is installed with Sendmail configured as an open relay occurs. It is possible that the flaw may allow the server to be used for sending spam.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): reconfigure the Sendmail server to disable relaying and/or disable the Sendmail server. IBM has distributed updated sendmail.cf files with this issue fixed.

Short Description

IBM AIX contains a flaw that may allow a malicious user to relay mail. The issue is triggered when AIX is installed with Sendmail configured as an open relay occurs. It is possible that the flaw may allow the server to be used for sending spam.

References:

Vendor Specific Advisory URL Other Advisory URL: http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=105284689228961&w=2 ISS X-Force ID: 11993 CVE-2003-0285 CERT VU: 814617 Bugtraq ID: 7580