Summary
This host has Sendmail installed and is prone to a mail relay vulnerability.
Impact
Successful exploitation will allow attackers to send email messages outside of the served network. This could result in unauthorized messages being sent from the vulnerable server.
Impact Level: Application/System
Solution
Upgrade to Linuxconf version 1.29r1 or later. For updates, refer to http://www.solucorp.qc.ca/linuxconf/
For IBM AIX, apply the patch from the link below:
ftp://aix.software.ibm.com/aix/efixes/security/sendmail_3_mod.tar.Z
Insight
The flaw is due to an error in the mailconf module of Linuxconf, which generates the Sendmail configuration file (sendmail.cf). The generated file configures Sendmail to run as an open mail relay, which allows remote attackers to send spam email.
Affected
Linuxconf versions 1.24 r2, 1.2.5 r3
Linuxconf versions 1.24 r2, 1.2.5 r3 on Conectiva Linux 6.0 through 8
IBM AIX versions 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1, 5.1 L, 5.2
References
Severity
Classification
CVE: CVE-2002-1278, CVE-2003-0285
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P