Sendmail decode/uudecode alias could allow remote file creation

smtp-dcod (126) The risk level is classified as Medium Risk

Description:

A common configuration for older mail transfer agents (MTAs) is to include an alias for the decode user. All mail sent to this user is piped to the uudecode program, which automatically converts and stores files. A remote attacker can send mail to the decode or uudecode alias, where it is present, to create or overwrite files on the remote host. This allows an attacker to gain remote access to the system.


Consequences:

File Manipulation

Remedy:

Disable mail aliases for decode and uudecode. If the /etc/aliases or /usr/lib/aliases (mail alias) file contains entries for these programs, remove them or disable them by placing # at the beginning of the line, and then run the newaliases command. For more information on Unix mail aliases, refer to the man page for aliases. Disabled aliases would be similar to these examples:

# decode: |/usr/bin/uudecode
# uudecode: |/usr/bin/uuencode -d
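
One way to check for the entries the remedy describes, as an added example that is not part of the original advisory: a POSIX shell function that lists every alias named decode or uudecode that is still active in an aliases file. The function names are hypothetical, and the example assumes awk is available.

```shell
#!/bin/sh
# Added example (not from the advisory): find active decode/uudecode
# aliases in a sendmail-style aliases file.

# Print "file:line:entry" for each alias named decode or uudecode that is
# not commented out. Alias names are compared case-insensitively. Lines that
# start with '#' are comments and lines that start with whitespace are
# continuations, so neither can define an alias.
find_decode_aliases() {
    awk '
        /^[# \t]/ { next }
        {
            name = $0
            sub(/[ \t]*:.*/, "", name)   # keep the text before the first colon
            gsub(/"/, "", name)          # alias names may be quoted
            if (index($0, ":") && tolower(name) ~ /^(uu)?decode$/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }
    ' "$1"
}

# Audit the given files, or the two locations the advisory names when no
# argument is passed. Returns 1 if any active entry was found, 0 otherwise.
audit_decode_aliases() {
    [ "$#" -gt 0 ] || set -- /etc/aliases /usr/lib/aliases
    found=0
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip locations that do not exist
        hits=$(find_decode_aliases "$f")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}
```

Calling audit_decode_aliases with no arguments checks both default locations; after commenting out any reported line, run newaliases as the remedy states.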

Platforms Affected:

  • Compaq Tru64
  • Data General DG/UX
  • HP HP-UX
  • IBM AIX
  • Linux Kernel
  • SCO SCO Unix
  • Sendmail Sendmail
  • SGI IRIX
  • Sun Solaris
  • WindRiver BSDOS

Reported:

Jan 01, 1990

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net