Sicherheit: Unsichere Verwendung von temporären Dateien in sendmail

Lesezeichen hinzufügen

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 305-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
May 15th, 2003 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : sendmail
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no

Paul Szabo discovered bugs in three scripts included in the sendmail
package where temporary files were created insecurely (expn,
checksendmail and doublebounce.pl). These bugs could allow an
attacker to gain the privileges of a user invoking the script
(including root).

For the stable distribution (woody) these problems have been fixed in
version 8.12.3-6.4.

For the old stable distribution (potato) these problems have been fixed
in version 8.9.3-26.1.

For the unstable distribution (sid) these problems have been fixed in
version 8.12.9-2.

We recommend that you update your sendmail package.

Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:

sendmail_8.12.3-6.4.dsc
Size/MD5 checksum: 751 a7ee211817b085cd9ec16b91d9b15e40
sendmail_8.12.3-6.4.diff.gz
Size/MD5 checksum: 254004 fdafe4a26c22db6844bfba3cf3f5c150
sendmail_8.12.3.orig.tar.gz
Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d

Architecture independent components:

sendmail-doc_8.12.3-6.4_all.deb
Size/MD5 checksum: 747626 68962801ab229167f31f52d9b9aea4ca

Alpha architecture:

libmilter-dev_8.12.3-6.4_alpha.deb
Size/MD5 checksum: 267738 ac9f3641c7256cd406ea6d900fcf478d
sendmail_8.12.3-6.4_alpha.deb
Size/MD5 checksum: 1109330 1b259d1b5dc2b7c3d2ed35da6ff14c8d

ARM architecture:

libmilter-dev_8.12.3-6.4_arm.deb
Size/MD5 checksum: 247474 43abe86241c0ced4931b602505e8f194
sendmail_8.12.3-6.4_arm.deb
Size/MD5 checksum: 979268 8618fd412f56022ba4fab7c3c20bd633

Intel IA-32 architecture:

libmilter-dev_8.12.3-6.4_i386.deb
Size/MD5 checksum: 237226 2044308a32e930663f6a85d67ffe29df
sendmail_8.12.3-6.4_i386.deb
Size/MD5 checksum: 917564 ec4d0e7bec9c8b2ff8825d1cdb127609

Intel IA-64 architecture:

libmilter-dev_8.12.3-6.4_ia64.deb
Size/MD5 checksum: 281920 52d959e3200497065a01940ecdfcd2bc
sendmail_8.12.3-6.4_ia64.deb
Size/MD5 checksum: 1332584 bcc17145035c3489bc549394c439b39c

HP Precision architecture:

libmilter-dev_8.12.3-6.4_hppa.deb
Size/MD5 checksum: 261588 8a723a94e65fae545477c50bc5ddbde0
sendmail_8.12.3-6.4_hppa.deb
Size/MD5 checksum: 1081110 bd650bd43791051924346261e00ebdd6

Motorola 680x0 architecture:

libmilter-dev_8.12.3-6.4_m68k.deb
Size/MD5 checksum: 231056 4a895563d173c29e44145799483c74c5
sendmail_8.12.3-6.4_m68k.deb
Size/MD5 checksum: 865698 f26fca022aa78eaf55c67eece4fd8b0e

Big endian MIPS architecture:

libmilter-dev_8.12.3-6.4_mips.deb
Size/MD5 checksum: 255082 245d7936db41f577318588ae8ae15379
sendmail_8.12.3-6.4_mips.deb
Size/MD5 checksum: 1022152 3ba322f09c8b7d55e737c0f3e483a950

Little endian MIPS architecture:

libmilter-dev_8.12.3-6.4_mipsel.deb
Size/MD5 checksum: 254774 b3dde1b51d7adfeae424d9b7ec28310f
sendmail_8.12.3-6.4_mipsel.deb
Size/MD5 checksum: 1022550 06afa6f123968a790705e70d04aa3817

PowerPC architecture:

libmilter-dev_8.12.3-6.4_powerpc.deb
Size/MD5 checksum: 257196 787607f3b0942bdcda2524fee079b685
sendmail_8.12.3-6.4_powerpc.deb
Size/MD5 checksum: 978572 c87772f045e8a195a407ca5e2bf9260b

IBM S/390 architecture:

libmilter-dev_8.12.3-6.4_s390.deb
Size/MD5 checksum: 242516 0432637a093525753d0d5e99ce202f9f
sendmail_8.12.3-6.4_s390.deb
Size/MD5 checksum: 966240 88034a608cb3088d6fd161ef7bac4e4b

Sun Sparc architecture:

libmilter-dev_8.12.3-6.4_sparc.deb
Size/MD5 checksum: 245230 2803eeeb467ee54214a5eb1ed0dbe8ae
sendmail_8.12.3-6.4_sparc.deb
Size/MD5 checksum: 982536 936f98f405ab5257a16ae8a7f0df98c4

Debian GNU/Linux 2.2 alias potato
---------------------------------

Source archives:

sendmail_8.9.3-26.1.dsc
Size/MD5 checksum: 548 21af6ab3f17a5a7a24773f7f983ac22f
sendmail_8.9.3-26.1.diff.gz
Size/MD5 checksum: 144132 bca5d4b77deafc3de7ddbceaf852b971
sendmail_8.9.3.orig.tar.gz
Size/MD5 checksum: 1068290 efedacfbce84a71d1cfb0e617b84596e

Alpha architecture:

sendmail_8.9.3-26.1_alpha.deb
Size/MD5 checksum: 990020 d1e11af47d0588338f4df6eacdf1c323

ARM architecture:

sendmail_8.9.3-26.1_arm.deb
Size/MD5 checksum: 949082 a2e76b02dbaac5f4c73d2dd67661c246

Intel IA-32 architecture:

sendmail_8.9.3-26.1_i386.deb
Size/MD5 checksum: 932162 efc055a7886aec1c676473da43a5d697

Motorola 680x0 architecture:

sendmail_8.9.3-26.1_m68k.deb
Size/MD5 checksum: 918168 61a2ebfce59a22d7507b78cdcef9ad07

PowerPC architecture:

sendmail_8.9.3-26.1_powerpc.deb
Size/MD5 checksum: 934202 206721bdc8a219ec815b1ac54f7cc774

Sun Sparc architecture:

sendmail_8.9.3-26.1_sparc.deb
Size/MD5 checksum: 946190 25e16f0521a4c9a0f79496de98926f41

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+xC7MArxCt0PiXR4RAk98AKCPy50K5LRKbEBAniGr6gsgsxFtZwCgyChc
AggRMOJbCPzUzZ1LDefTES8=
=ftmF
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org