drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in sendmail
Name: |
Pufferüberlauf in sendmail
|
|
ID: |
CSSA-2003-016.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1, Caldera Workstation 3.1, Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
Sa, 5. April 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Sendmail |
|
Originalnachricht |
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12) Advisory number: CSSA-2003-016.0 Issue date: 2003 April 03 Cross reference: ______________________________________________________________________________
1. Problem Description
From CERT CA-2003-12: There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root.
2. Vulnerable Supported Versions
System Package ----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm
OpenLinux 3.1.1 Workstation prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm
OpenLinux 3.1 Server prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm
OpenLinux 3.1 Workstation prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS
4.2 Packages
accdca36710b2807c97d75f918b7a0b8 sendmail-8.11.6-14.i386.rpm 0103e9cf07d8b606214ead49c04611ed sendmail-cf-8.11.6-14.i386.rpm e78e32f2a0a76b4ac0695a9a1c1a0ddd sendmail-doc-8.11.6-14.i386.rpm
4.3 Installation
rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS
4.5 Source Packages
101b2fdd563a18c7d8e86e7d0f111294 sendmail-8.11.6-14.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/RPMS
5.2 Packages
d0b2a4dd15e53c0ca5c82add1187e914 sendmail-8.11.6-14.i386.rpm da90eb543a25169681025eb777c7fdbd sendmail-cf-8.11.6-14.i386.rpm b818b54c4faf6c4a0ecebc5b5d06f260 sendmail-doc-8.11.6-14.i386.rpm
5.3 Installation
rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm
5.4 Source Package Location
SRPMS
5.5 Source Packages
b8f82f1b4b8cf71c27133799d1552beb sendmail-8.11.6-14.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS
6.2 Packages
54ce66a6a7eb27b4bee77b9573542cd9 sendmail-8.11.6-14.i386.rpm 4965e3e93468cfebb9a543f8d09e8489 sendmail-cf-8.11.6-14.i386.rpm 2d4ebdfdc6725e03a7a7c7b773fb4cc8 sendmail-doc-8.11.6-14.i386.rpm
6.3 Installation
rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS
6.5 Source Packages
40de3bdd9051e16f314441e47cb46f44 sendmail-8.11.6-14.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RPMS
7.2 Packages
8cfbb054ce0c829363a7f47fdef3cccc sendmail-8.11.6-14.i386.rpm 67336fe8d54ff650a7304b2affb61194 sendmail-cf-8.11.6-14.i386.rpm e2ece45c38ae7ab6e68add7372361999 sendmail-doc-8.11.6-14.i386.rpm
7.3 Installation
rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SRPMS
7.5 Source Packages
c0b8bf532e09bc7e8682ef4f5d7d863a sendmail-8.11.6-14.src.rpm
8. References
Specific references for this advisory:
http://www.cert.org/advisories/CA-2003-12.html http://www.kb.cert.org/vuls/id/897604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr876462, fz527631, erg712278.
9. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
10. Acknowledgements
Michal Zalewski <lcamtuf@ghettot.org> discovered and researched this vulnerability.
______________________________________________________________________________
|
|
|
|