Info

Disclosure

May 13, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IBM AIX contains a flaw that may allow a malicious user to relay mail. The issue is triggered when AIX is installed with Sendmail configured as an open relay occurs. It is possible that the flaw may allow the server to be used for sending spam.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): reconfigure the Sendmail server to disable relaying and/or disable the Sendmail server. IBM has distributed updated sendmail.cf files with this issue fixed.

Products

International Business Machines Corporation	AIX	4.3.3
		5.1
		5.2

References

ISS X-Force ID: 11993
CVE ID: 2003-0285 (see also: NVD)
Bugtraq ID: 7580
CERT VU: 814617
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=105284689228961&w=2
Other Advisory URL: http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
Vendor Specific Advisory URL: http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0756.1

Credit

Tom E. Perrine - tepsdsc.edu - San Diego Supercomputer Center

Direct URL: http://osvdb.org/7993

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit