***********************************************************************
DDN Security Bulletin 90-02      DCA DDN Defense Communications System
30 Jan 90               Published by: DDN Security Coordination Center
                                     (SCC@NIC.DDN.MIL)  (800) 235-3155

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The bulletin
pathname is SCC:DDN-SECURITY-yy-nn (where "yy" is the year the bulletin
is issued and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-90-01).
**********************************************************************

                      SUN SENDMAIL VULNERABILITY

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!     The following important  advisory was  issued by the Computer     !
!     Emergency Response Team (CERT)  and is being relayed unedited     !
!     via the Defense Communications Agency's Security Coordination     !
!     Center  distribution  system  as a  means  of  providing  DDN     !
!     subscribers with useful security information.                     !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

			    CERT Advisory
			   29 January 1990
		      Sun Sendmail Vulnerability


The Computer Emergency Response Team Coordination Center (CERT/CC) has
learned of, and has verified, break-ins on several Internet systems 
in which the intruders have exploited a vulnerability in the Sun
sendmail program.  This vulnerability exists in all versions of
SunOS up to and including the current version, 4.0.3 on Sun 3, Sun 4,
and Sun 386i systems (note that 4.0.2 is the most current version of
SunOS on the 386i machines). That is, all current Sun systems.

The vulnerability has previously been reported to Sun and a solution
to this problem (Sun bug # 1028173) is available via a new version of
sendmail supplied by Sun.  The new sendmail is available directly from
the Sun Answer Center (1-800-USA-4SUN).  Sun 3 and Sun 4 sendmail
binaries are also available via anonymous FTP from uunet.uu.net in the
/sun-fixes directory.

This incident underscores the need for system administrators to
maintain an awareness of the steps their vendors are taking to
improve the security aspects of their products, and to seriously
consider upgrading system configurations when solutions to security
problems are made available.

Administrators of Sun systems are urged to contact Sun for the new
version of the sendmail program.  Administrators of machines other 
than Suns are urged to contact their vendors to verify that they are 
running the latest version of sendmail, since there may have been 
security related fixes to it in the past year.

If you need further information on this problem, contact your Sun
representative or CERT/CC.  CERT/CC can be contacted by telephone at
(412) 268-7090 (24 hours) or email to cert@cert.sei.cmu.edu (monitored
daily).

Our thanks to Matt Bishop and Wayne Cripps for their efforts in
analyzing and investigating this problem and its solution.


Kenneth R. van Wyk
Technical Coordinator, Computer Emergency Response Team
Software Engineering Institute
Carnegie Mellon University
cert@CERT.SEI.CMU.EDU
(412) 268-7090  (24 hour hotline)