Sicherheit: Ausführen beliebiger Kommandos in sendmail

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1143074824-21416-685

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:058
http://www.mandriva.com/security/
_______________________________________________________________________

Package : sendmail
Date : March 22, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A race condition was reported in sendmail in how it handles
asynchronous signals. This could allow a remote attacker to be able
to execute arbitrary code with the privileges of the user running
sendmail.

The updated packages have been patched to correct this problem via a
patch provided by the Sendmail Consortium via CERT.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.cert.org/advisories/834865
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.2:
95305a1dfe64cfeabdca98fb008cfd91
10.2/RPMS/sendmail-8.13.3-2.1.102mdk.i586.rpm
5215408069e99b0ff2994db3af55d62e
10.2/RPMS/sendmail-cf-8.13.3-2.1.102mdk.i586.rpm
02deae8e6e131ac7cb847e9ab47a9885
10.2/RPMS/sendmail-devel-8.13.3-2.1.102mdk.i586.rpm
356978837f0dbf3ab9dcce39e9f58f7d
10.2/RPMS/sendmail-doc-8.13.3-2.1.102mdk.i586.rpm
9bff19f2f9b0b8502bf5f27dd2895f8e
10.2/SRPMS/sendmail-8.13.3-2.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
f148c878ea5b30370fc94e6a7255de5d
x86_64/10.2/RPMS/sendmail-8.13.3-2.1.102mdk.x86_64.rpm
3968115b895ce937e2d4e2180d577168
x86_64/10.2/RPMS/sendmail-cf-8.13.3-2.1.102mdk.x86_64.rpm
0f6226a324a5285b1ce81ce699de723b
x86_64/10.2/RPMS/sendmail-devel-8.13.3-2.1.102mdk.x86_64.rpm
461e896f92cdd4cea5f0ba56c68ba7a9
x86_64/10.2/RPMS/sendmail-doc-8.13.3-2.1.102mdk.x86_64.rpm
9bff19f2f9b0b8502bf5f27dd2895f8e
x86_64/10.2/SRPMS/sendmail-8.13.3-2.1.102mdk.src.rpm

Mandriva Linux 2006.0:
12616264669772849dc402ae7425229a
2006.0/RPMS/sendmail-8.13.4-6.1.20060mdk.i586.rpm
d551d0ed690a5f3da78842071472d386
2006.0/RPMS/sendmail-cf-8.13.4-6.1.20060mdk.i586.rpm
79c647c58c53c27e1a2555f5af71ef37
2006.0/RPMS/sendmail-devel-8.13.4-6.1.20060mdk.i586.rpm
94fd6a9ffa27388a80e5e1d1cb9543ed
2006.0/RPMS/sendmail-doc-8.13.4-6.1.20060mdk.i586.rpm
a996c91d8899ecb76ff1d961c6c0177a
2006.0/SRPMS/sendmail-8.13.4-6.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
7768a1368faf4890343b97ef868aae78
x86_64/2006.0/RPMS/sendmail-8.13.4-6.1.20060mdk.x86_64.rpm
35f33c64846459eeca8587f7150d3978
x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.1.20060mdk.x86_64.rpm
a70a4dc0ef6944f43614f83e742a80a2
x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.1.20060mdk.x86_64.rpm
aaa7adbd147cab2bbad3bea812eb32c2
x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.1.20060mdk.x86_64.rpm
a996c91d8899ecb76ff1d961c6c0177a
x86_64/2006.0/SRPMS/sendmail-8.13.4-6.1.20060mdk.src.rpm

Corporate 3.0:
be7c8df48bcf0790c64ac389b37754cb
corporate/3.0/RPMS/sendmail-8.12.11-1.1.C30mdk.i586.rpm
631dfdb5d0fc43185af6084e17714ffb
corporate/3.0/RPMS/sendmail-cf-8.12.11-1.1.C30mdk.i586.rpm
96b84769e995ac2595cb8d7ae4918b91
corporate/3.0/RPMS/sendmail-devel-8.12.11-1.1.C30mdk.i586.rpm
58337a123a60b64e6f414de744959337
corporate/3.0/RPMS/sendmail-doc-8.12.11-1.1.C30mdk.i586.rpm
3d46a60520cc65d595c17db6bae809c7
corporate/3.0/SRPMS/sendmail-8.12.11-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
c22a4c20960c29b647532b4d966234b1
x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.1.C30mdk.x86_64.rpm
ee7aad2adb440347519f5888200e923d
x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.1.C30mdk.x86_64.rpm
6d0b3c65952995c3f12b076134c8a8e8
x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.1.C30mdk.x86_64.rpm
c2e31e2fa472f4bb34db27526c25cc92
x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.1.C30mdk.x86_64.rpm
3d46a60520cc65d595c17db6bae809c7
x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
d1f8e453ab9456d0bb7f34acf1388d3c
mnf/2.0/RPMS/sendmail-8.12.11-1.1.M20mdk.i586.rpm
6b0f02721103c1b25622e3d54e474c19
mnf/2.0/RPMS/sendmail-cf-8.12.11-1.1.M20mdk.i586.rpm
03f66672c6792fcf40d84a1dc4b686ef
mnf/2.0/RPMS/sendmail-devel-8.12.11-1.1.M20mdk.i586.rpm
b966f80b82cd054474ec43e9ff3be679
mnf/2.0/RPMS/sendmail-doc-8.12.11-1.1.M20mdk.i586.rpm
244093bf42df7c6db16246c56b7e6495
mnf/2.0/SRPMS/sendmail-8.12.11-1.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEIbzgmqjQ0CJFipgRAhBmAJ4+sz1TLMj9OtkFD7qkzeoKqx2QRACePJpG
TOUC6wCTGyhm/0XjQlWPk+w=
=uycL
-----END PGP SIGNATURE-----

------------=_1143074824-21416-685
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1143074824-21416-685--