UNIRAS Brief - 524/03 - Red Hat - Updated Sendmail packages fix vulnerability + Updated KDE packages fix security issues
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 524/03 dated 18.09.03 Time: 10:33
UNIRAS is part of NISCC(National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Two Red Hat Security Advisories:
1: Updated Sendmail packages fix vulnerability
2: Updated KDE packages fix security issues
Detail
======
1: Updated Sendmail packages fix vulnerability
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated Sendmail packages fix vulnerability.
Advisory ID: RHSA-2003:283-01
Issue date: 2003-09-17
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:265
CVE Names: CAN-2003-0694 CAN-2003-0681
- - - ---------------------------------------------------------------------
1. Topic:
Updated Sendmail packages that fix a potentially exploitable vulnerability
are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386
3. Problem description:
Sendmail is a widely used Mail Transport Agent (MTA) and is included in all
Red Hat Linux distributions.
Michal Zalewski found a bug in the prescan() function of unpatched Sendmail
versions prior to 8.12.10. Successful exploitation of this bug can lead
to heap and stack structure overflows. Although no public exploit was known
when this advisory was issued, the issue is locally exploitable and may also
be remotely exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0694 to this issue.
Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for a
potential buffer overflow in ruleset parsing. This problem is not
exploitable in the default sendmail configuration; it is exploitable only
if non-standard recipient (ruleset 2), final (ruleset 4), or mailer-specific
envelope-recipient rulesets are used. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0681 to
this issue.
All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.
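Before pushing the erratum out, it helps to know which hosts are actually behind. The script below is an added example written for this briefing; it is not part of Red Hat's advisory or of up2date. It reimplements RPM's segment-wise version ordering (the rpmvercmp rules, minus the tilde and caret handling that later RPM releases added) and compares the name-version-release string that `rpm -q sendmail` prints with the fixed package for that Red Hat Linux release, taken from section 6 of this advisory. The installed versions in the sample run are constructed for illustration.

```python
import string

# Fixed sendmail NVRs per Red Hat Linux release, from section 6 of
# RHSA-2003:283-01.  Compare only within one release: release tags such
# as 27.71 and 9.80 are not ordered across distributions.
FIXED_SENDMAIL = {
    "7.1": "sendmail-8.11.6-27.71",
    "7.2": "sendmail-8.11.6-27.72",
    "7.3": "sendmail-8.11.6-27.73",
    "8.0": "sendmail-8.12.8-9.80",
    "9":   "sendmail-8.12.8-9.90",
}

ALNUM = string.digits + string.ascii_letters

def _segment(s, i, charset):
    """Return (run of charset starting at s[i], index after the run)."""
    j = i
    while j < len(s) and s[j] in charset:
        j += 1
    return s[i:j], j

def rpmvercmp(a, b):
    """Segment-wise comparison in the manner of rpm's rpmvercmp():
    -1 if a < b, 0 if equal, 1 if a > b.  Numeric segments compare as
    integers, alphabetic ones lexically, and a numeric segment beats an
    alphabetic one.  The tilde/caret rules of newer RPM are omitted."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators (dots, dashes, anything not alphanumeric) are skipped
        while i < len(a) and a[i] not in ALNUM:
            i += 1
        while j < len(b) and b[j] not in ALNUM:
            j += 1
        if i >= len(a) or j >= len(b):
            break
        if a[i] in string.digits:
            sa, i = _segment(a, i, string.digits)
            sb, j = _segment(b, j, string.digits)
            if not sb:                      # numeric vs alpha: numeric is newer
                return 1
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # longer number is the larger one
                return 1 if len(sa) > len(sb) else -1
        else:
            sa, i = _segment(a, i, string.ascii_letters)
            sb, j = _segment(b, j, string.ascii_letters)
            if not sb:                      # alpha vs numeric: alpha is older
                return -1
        if sa != sb:
            return 1 if sa > sb else -1
    # both exhausted: equal; otherwise the one with segments left is newer
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def split_nvr(nvr):
    """'sendmail-cf-8.12.8-9.80' -> ('sendmail-cf', '8.12.8', '9.80').
    Package names may contain dashes, so split from the right."""
    name_ver, _, rel = nvr.rpartition("-")
    name, _, ver = name_ver.rpartition("-")
    if not (name and ver and rel):
        raise ValueError("not a name-version-release string: %r" % nvr)
    return name, ver, rel

def compare_nvr(installed, fixed):
    """-1/0/1 like rpmvercmp: version decides first, then release."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(fixed)
    if n1 != n2:
        raise ValueError("different packages: %s vs %s" % (n1, n2))
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)

def needs_update(installed, rhl_release):
    """True when the installed sendmail (as printed by `rpm -q sendmail`)
    is older than the erratum package for that Red Hat Linux release."""
    return compare_nvr(installed, FIXED_SENDMAIL[rhl_release]) < 0

if __name__ == "__main__":
    # Constructed `rpm -q sendmail` outputs, not real inventory data.
    for release, installed in [("9", "sendmail-8.12.8-4"),
                               ("9", "sendmail-8.12.8-9.90"),
                               ("7.3", "sendmail-8.11.6-27.73")]:
        state = "UPDATE" if needs_update(installed, release) else "fixed"
        print("RHL %-3s %-26s %s" % (release, installed, state))
```

Compare only within one release: the release tags (27.71 against 27.73, or 9.80 against 9.90) order builds of the same distribution, not 7.1 against 8.0. Epochs are not handled because none of these sendmail packages carries one; `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' <package>` shows whether that matters for other packages.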
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:
https://rhn.redhat.com/help/latest-up2date.pxt
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
104563 - CAN-2003-0694 Sendmail possible remote exploit
6. RPMs required:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm
7. Verification:
MD5 sum Package Name
- - - --------------------------------------------------------------------------
675b4366f9894a73944ed8f91cea5c7d 7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm
faed73b08e50794290423dd2b8c8bc9f 7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
bf1cc813beded26219d81e7fb0a5cc8b 7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm
b3658219e5a31c2a788a828b80044581 7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
4c47bae883878e661312561bb35fdd1d 7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
0fc61a1454c0c4a06f35105bc2b497f3 7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm
65054b5ca258e62afa68a6cc3439d64f 7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
c4dfd211300fbadd2f7482c80094054b 7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm
24f6d31f51e7688bc261ffe4ee248280 7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
213f9dbe89703c90eb970bf09121adfe 7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
2fff7128169ae9a3a3cf4e7f3418a64a 7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
2ad3274246e74dad6462ce1d630b0fc9 7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm
7c4330087840a86ad38e459879211768 7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
fae68ef232f32b3736964d2fdcea77de 7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
afa8639444b6fc6b2889d18b34fcdc68 7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm
9164913aa510c0c241646cf7134f6b4c 7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
5ac5d48dbc80c817d384e1267452ef96 7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm
df4b107c15fdbfd8c7c97423956831d8 7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
370ec17f86d5658b3f7f9adcf0102a69 7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
368c156b23b89d1a0d7eb1cecb3011e2 8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm
fbecae564b08ab535f846b089c8ca3a9 8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
da5ede78cf6da018537a741bd4f1df70 8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm
66fdacc34440831977a571dfb6540e58 8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
6afa3f6f6e79e4fbda7c5026cea277c7 8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
870a1c9b2cf0e161ae7d0e78d0c080f4 9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm
2d2d9df08fa8084ceafb832d454ad543 9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
c44250016b8b353a1985fa4510a50327 9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm
98dadb898089fc7952790f38cbe71f96 9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
bc6dadfb2f68215c09b876972f5c74b5 9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm
These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
8. References:
http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2
http://www.sendmail.org/8.12.10.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681
9. Contact:
The Red Hat security contact is <secalert@xxxxxxxxxx>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html
Copyright 2003 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/aPIeXlSAg2UNWIIRAtLyAJ95/RGZ8+MVxCtdQIyIvdld6qzWmgCgvIS2
4BxeY7F3ZN1MzjXJkfsGweI=
=1iy9
- - -----END PGP SIGNATURE-----
2: Updated KDE packages fix security issues
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated KDE packages fix security issues
Advisory ID: RHSA-2003:269-01
Issue date: 2003-09-16
Updated on: 2003-09-16
Product: Red Hat Linux
Keywords: PAM pam_krb5 pam_setcred
Cross references:
Obsoletes: RHSA-2003:235
CVE Names: CAN-2003-0690 CAN-2003-0692
- - - ---------------------------------------------------------------------
1. Topic:
Updated KDE packages that resolve a local security issue with KDM PAM
support and weak session cookie generation are now available.
2. Relevant releases/architectures:
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386
3. Problem description:
KDE is a graphical desktop environment for the X Window System.
KDE versions 2.2.0 through 3.1.3 inclusive contain a bug in the KDE
Display Manager (KDM) in the way it checks the result of a pam_setcred() call.
If an error condition is triggered by the installed PAM modules, KDM might
grant local root access to any user with valid login credentials.
It has been reported that one way to trigger this bug is a certain
configuration of the MIT pam_krb5 module, which leaves a session
alive and gives root access to a regular user. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0690
to this issue.
In addition, the session cookie generation algorithm used by KDM was
considered too weak to supply a full 128 bits of entropy. This could make
it possible for non-authorized users who are able to bypass any host
restrictions to brute-force the session cookie and gain access to the
current session. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0692 to this issue.
Users of KDE are advised to upgrade to these erratum packages, which
contain security patches correcting these issues.
Red Hat would like to thank the KDE team for notifying us of this issue and
providing the security patches.
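The cookie issue is easier to see with numbers. The Python example below is added for this briefing; it is not KDM's code and does not claim to reproduce the algorithm KDM used. An X authorization cookie (MIT-MAGIC-COOKIE-1) is 16 bytes, which is where the 128-bit figure comes from; but if a generator derives all 16 bytes from a single 32-bit seed, only 2^32 distinct cookies can ever be produced, and an attacker who can narrow the seed to a window (a start time guessed to within an hour, say) needs only that many tries. The timestamp and window in the sample are constructed.

```python
import random
import secrets

COOKIE_LEN = 16          # MIT-MAGIC-COOKIE-1 is 128 bits

def weak_cookie(seed):
    """Illustrative weak generator (not KDM's): 128 bits of output, but
    every bit is a deterministic function of one 32-bit seed, so the
    cookie carries at most 32 bits of entropy, and far fewer when the
    seed is a clock value the attacker can estimate."""
    rng = random.Random(seed & 0xFFFFFFFF)
    return rng.getrandbits(8 * COOKIE_LEN).to_bytes(COOKIE_LEN, "big")

def strong_cookie():
    """Cookie drawn from the OS CSPRNG: all 128 bits are unpredictable,
    so brute force costs 2**128 regardless of what the attacker knows."""
    return secrets.token_bytes(COOKIE_LEN)

def recover_seed(observed, seed_lo, seed_hi):
    """Brute-force the seed behind a weak cookie over [seed_lo, seed_hi].
    Returns the seed, or None if it is outside the window.  The cost is
    the window size, not 2**128; with the seed the attacker regenerates
    the cookie and can authenticate to the display."""
    for seed in range(seed_lo, seed_hi + 1):
        if weak_cookie(seed) == observed:
            return seed
    return None

if __name__ == "__main__":
    # Constructed scenario: the display started at a time the attacker
    # knows to within one hour (e.g. from `last` or the machine's uptime).
    started = 1063800000                      # a second in September 2003
    cookie = weak_cookie(started)
    found = recover_seed(cookie, started - 1800, started + 1800)
    print("weak cookie  :", cookie.hex(), "-> seed recovered:", found)
    print("strong cookie:", strong_cookie().hex(), "-> no seed to recover")
```

Even a generator that mixes in the pid or a few extra bits only widens the window by that many bits; the fix is to fill the cookie from a source that actually has 128 bits of entropy, not to obscure a small seed.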
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:
https://rhn.redhat.com/help/latest-up2date.pxt
5. RPMs required:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kdebase-2.2.2-0.71.5.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/kdebase-2.2.2-0.71.5.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/kdebase-devel-2.2.2-0.71.5.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kdebase-2.2.2-11.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/kdebase-2.2.2-11.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/kdebase-devel-2.2.2-11.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/kdebase-2.2.2-11.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/kdebase-devel-2.2.2-11.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kdebase-3.0.5a-0.73.4.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/kdebase-3.0.5a-0.73.4.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/kdebase-devel-3.0.5a-0.73.4.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kdebase-3.0.5a-9.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/kdebase-3.0.5a-9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/kdebase-devel-3.0.5a-9.i386.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/kdebase-3.1-15.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/kdebase-3.1-15.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/kdebase-devel-3.1-15.i386.rpm
6. Verification:
MD5 sum Package Name
- - - --------------------------------------------------------------------------
cb6bb0a57fe9f3b14a20587f46987d4f 7.1/en/os/SRPMS/kdebase-2.2.2-0.71.5.src.rpm
5a46ecc2211a258c40bf507b8b29abd3 7.1/en/os/i386/kdebase-2.2.2-0.71.5.i386.rpm
40b6300799af3d9bc02e7e22a7379497 7.1/en/os/i386/kdebase-devel-2.2.2-0.71.5.i386.rpm
920975f4a5a0ad3afed469b4cd7101bc 7.2/en/os/SRPMS/kdebase-2.2.2-11.src.rpm
80e0d4d9a3d43578db0acc7ff8df220d 7.2/en/os/i386/kdebase-2.2.2-11.i386.rpm
c7dc480e86ba296ea49405957a099e98 7.2/en/os/i386/kdebase-devel-2.2.2-11.i386.rpm
299579139bcce74c6a7016b541345b4c 7.2/en/os/ia64/kdebase-2.2.2-11.ia64.rpm
78c1159be0e74352400a05ad3e01ae90 7.2/en/os/ia64/kdebase-devel-2.2.2-11.ia64.rpm
c447ab78bdbc8543efbb808a43729385 7.3/en/os/SRPMS/kdebase-3.0.5a-0.73.4.src.rpm
b065e5b78dd710934b63f328b08d1560 7.3/en/os/i386/kdebase-3.0.5a-0.73.4.i386.rpm
ae98720219e096dfa1793b95de7f4ebc 7.3/en/os/i386/kdebase-devel-3.0.5a-0.73.4.i386.rpm
15ecc4af762e759f88ecf568711a68df 8.0/en/os/SRPMS/kdebase-3.0.5a-9.src.rpm
5b6bd4dbb3dcd08bfbd091cf6fdada0d 8.0/en/os/i386/kdebase-3.0.5a-9.i386.rpm
c703a3356091161e3147ffdbccf9763b 8.0/en/os/i386/kdebase-devel-3.0.5a-9.i386.rpm
549903de2f482c68f05cb0659a085560 9/en/os/SRPMS/kdebase-3.1-15.src.rpm
4bb6fef4d5f0a82473082912926daeda 9/en/os/i386/kdebase-3.1-15.i386.rpm
d2ba495ab6fea5d3ef67e96cfca32d59 9/en/os/i386/kdebase-devel-3.1-15.i386.rpm
These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/keys.html
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
md5sum <filename>
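The MD5 table only shows that a downloaded package differs from the one Red Hat summed; what makes the sums trustworthy is that the advisory carrying them is itself PGP-signed, and the authoritative check on each package remains `rpm --checksig`, which verifies Red Hat's GPG signature (MD5 has since been shown not to be collision-resistant, so do not rely on it alone). The Python script below is an added example written for this briefing, not Red Hat's tooling: it parses the verification tables of both advisories above (section 7 of the Sendmail advisory and section 6 of this one), checks a download directory against them, and reports which packages are intact, altered or missing, so that only the intact ones are handed to `rpm -Fvh`. The download directory and file contents in the stand-alone run are constructed; only the package paths follow this advisory.

```python
import hashlib
import os
import re
import tempfile

# A row of the advisory's verification table: "<32 hex digits> <path>.rpm"
_ROW = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")

def parse_md5_table(text):
    """Map package basename -> expected MD5 (lower-case hex).  Headers,
    rulers, URLs and PGP armour are not rows and are skipped."""
    expected = {}
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            expected[os.path.basename(m.group(2))] = m.group(1).lower()
    return expected

def md5_of_file(path, chunk=1 << 16):
    """Stream the file so multi-megabyte RPMs are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(directory, expected):
    """Compare every package listed in the table with the copy in
    `directory`.  Returns (ok, mismatched, missing) lists of basenames;
    only the `ok` names should go on to `rpm --checksig` and `rpm -Fvh`."""
    ok, mismatched, missing = [], [], []
    for name, digest in sorted(expected.items()):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            missing.append(name)
        elif md5_of_file(path) == digest:
            ok.append(name)
        else:
            mismatched.append(name)
    return ok, mismatched, missing

def build_fixture():
    """Constructed download directory and table for a stand-alone run:
    one intact package, one altered after the sums were taken, and one
    listed but never downloaded.  File contents are arbitrary bytes, not
    real RPMs; the paths follow RHSA-2003:269-01.  The all-zero digest is
    a placeholder for the package that is absent anyway."""
    directory = tempfile.mkdtemp(prefix="rhsa-check-")
    intact = b"constructed kdebase payload"
    devel = b"constructed kdebase-devel payload"
    with open(os.path.join(directory, "kdebase-3.1-15.i386.rpm"), "wb") as f:
        f.write(intact)
    with open(os.path.join(directory, "kdebase-devel-3.1-15.i386.rpm"), "wb") as f:
        f.write(devel + b"\x00tampered")        # differs from what was summed
    table = "\n".join([
        "MD5 sum Package Name",
        "- - - ----------------------------------------------------------",
        "%s 9/en/os/SRPMS/kdebase-3.1-15.src.rpm" % ("0" * 32),
        "%s 9/en/os/i386/kdebase-3.1-15.i386.rpm" % hashlib.md5(intact).hexdigest(),
        "%s 9/en/os/i386/kdebase-devel-3.1-15.i386.rpm" % hashlib.md5(devel).hexdigest(),
        "ftp://updates.redhat.com/9/en/os/i386/kdebase-3.1-15.i386.rpm",
    ])
    return directory, table

if __name__ == "__main__":
    directory, table = build_fixture()
    ok, bad, missing = verify_downloads(directory, parse_md5_table(table))
    print("verified:", ok)
    print("MISMATCH:", bad)
    print("missing: ", missing)
    if ok:
        print("next: rpm --checksig -v", " ".join(ok), "&& rpm -Fvh", " ".join(ok))
```

In real use, paste the advisory text (or the whole signed briefing) into `parse_md5_table` and point `verify_downloads` at the directory you fetched from updates.redhat.com; a non-empty mismatched list means re-download from the canonical site, never install.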
7. References:
http://www.kde.org/info/security/advisory-20030916-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692
8. Contact:
The Red Hat security contact is <secalert@xxxxxxxxxx>. More contact
details at https://www.redhat.com/solutions/security/news/contact.html
Copyright 2003 Red Hat, Inc.
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE/Z3ZwXlSAg2UNWIIRAto+AKCumq8GkEKlwWzOVELPINzTyUzxCACgjzBF
wNQsF4FB/i3+kzblOTQQzRI=
=qWlC
- - -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone; Not Protectively Marked information may also be sent via e-mail to:
uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS nor NISCC accepts responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQCVAwUBP2mDkopao72zK539AQH5EAP+Ocl6/wAswrVIUr3TjmamEG/O6rBcodWw
Cocc6Uox6IHsydwHMsjd95rLSLKjnW1ti2HN9eKPzXsUh8yr7ejT6zQ/W6Kf18a6
yX3xI9dP7A5gPNDNsZLepKD3F2K39ee2GSzi8MeC0Bwt22JQh8ALYw+fNKgsvvFG
AKw8jV4KedY=
=nXM6
-----END PGP SIGNATURE-----