[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCO] Buffer Overflow in sendmail - CSSA-2003-016.0

-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung von Caldera International
Inc. ueber Sicherheitsprobleme bei "sendmail". Wir geben diese
Informationen unveraendert an Sie weiter.

Die Schwachstelle wurde bereits im Advisory von CERT/CC (CA-2003-12
vom 31.03.2003) behandelt.

Die Schwachstelle aehnelt dem kuerzlich bekanntgewordenen Heap
Overflow in sendmail (CA-2003-07 vom 04. Maerz 2003), ist mit diesem
jedoch nicht identisch.

Es existiert ein Buffer Overflow im MTA "sendmail" in dem Teil des
Programms, der fuer das Parsen der EMail-Adressen verantwortlich
ist. Durch Senden einer Mail mit einer ueberlangen Adresse koennte ein
Angreifer die Schwachstelle lokal und vermutlich auch ueber das Netz
fuer einen Denial-of-Service-Angriff oder die Ausfuehrung beliebigen
Codes unter der sendmail-UID (meist "root") ausnutzen.

Betroffen sind:

	Open Linux Workstation 3.1 und 3.1.1 und
	Open Linux Server 3.1 und 3.1.1

Der Hersteller stellt Updates zur Verfuegung.

(c) der deutschen Zusammenfassung bei DFN-CERT GmbH; die Verbreitung,
auch auszugsweise, ist nur unter Hinweis auf den Urheber, DFN-CERT
GmbH, und nur zu nicht kommerziellen Zwecken gestattet.

Mit freundlichen Gruessen,

	Marco Thorbruegge, DFN-CERT

- -- 
Marco Thorbruegge        |              mailto:thorbruegge@xxxxxxxxxxx
DFN-CERT GmbH            |          http://www.cert.dfn.de/team/matho/
Heidenkampsweg 41        |                    Phone: +49(40)808077-555
D-20097 Hamburg/Germany  |                      FAX: +49(40)808077-556
PGP-Key: 0xAE662425 Fingerpr.: 7E5C A77A F91D 63D1 02AB 9526 53FF F1A0 

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12) 
Advisory number: 	CSSA-2003-016.0
Issue date: 		2003 April 03
Cross reference:
______________________________________________________________________________


1. Problem Description

	From CERT CA-2003-12: There is a vulnerability in sendmail that
	can be exploited to cause a denial-of-service condition and
	could allow a remote attacker to execute arbitrary code with
	the privileges of the sendmail daemon, typically root.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1 Server		prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1 Workstation	prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS

	4.2 Packages

	accdca36710b2807c97d75f918b7a0b8	sendmail-8.11.6-14.i386.rpm
	0103e9cf07d8b606214ead49c04611ed	sendmail-cf-8.11.6-14.i386.rpm
	e78e32f2a0a76b4ac0695a9a1c1a0ddd	sendmail-doc-8.11.6-14.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS

	4.5 Source Packages

	101b2fdd563a18c7d8e86e7d0f111294	sendmail-8.11.6-14.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/RPMS

	5.2 Packages

	d0b2a4dd15e53c0ca5c82add1187e914	sendmail-8.11.6-14.i386.rpm
	da90eb543a25169681025eb777c7fdbd	sendmail-cf-8.11.6-14.i386.rpm
	b818b54c4faf6c4a0ecebc5b5d06f260	sendmail-doc-8.11.6-14.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/SRPMS

	5.5 Source Packages

	b8f82f1b4b8cf71c27133799d1552beb	sendmail-8.11.6-14.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS

	6.2 Packages

	54ce66a6a7eb27b4bee77b9573542cd9	sendmail-8.11.6-14.i386.rpm
	4965e3e93468cfebb9a543f8d09e8489	sendmail-cf-8.11.6-14.i386.rpm
	2d4ebdfdc6725e03a7a7c7b773fb4cc8	sendmail-doc-8.11.6-14.i386.rpm

	6.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS

	6.5 Source Packages

	40de3bdd9051e16f314441e47cb46f44	sendmail-8.11.6-14.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RPMS

	7.2 Packages

	8cfbb054ce0c829363a7f47fdef3cccc	sendmail-8.11.6-14.i386.rpm
	67336fe8d54ff650a7304b2affb61194	sendmail-cf-8.11.6-14.i386.rpm
	e2ece45c38ae7ab6e68add7372361999	sendmail-doc-8.11.6-14.i386.rpm

	7.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SRPMS

	7.5 Source Packages

	c0b8bf532e09bc7e8682ef4f5d7d863a	sendmail-8.11.6-14.src.rpm


8. References

	Specific references for this advisory:

		http://www.cert.org/advisories/CA-2003-12.html
		http://www.kb.cert.org/vuls/id/897604
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876462, fz527631,
	erg712278.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	Michal Zalewski <lcamtuf@xxxxxxxxxxx> discovered and researched
	this vulnerability.

______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6MjBYACgkQbluZssSXDTH5agCgrNQKwc6Rii3vktDoNyUKhql7
gXYAoNGid+pLCmqU/3KQTsBhFnVUhE+k
=6U1K
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQEVAgUBPo2ST3sh3gGuZiQlAQFoFwgAjeeXRm9QBRymNp8iHgyWRRwlA9M8w4d0
QquJhlS0bvQl3N45VBzCleqI5Djp8pi4LEwEVHiN0pq5x8Ud/hK2qQlvFa4a/+Bt
KV+q7Vn5HTtkCq5aM4jpfXvJwrDIypaJexm37w1gy6AmsPtILJwihqM5V4Z0/moU
WUheTas+VX4RMbe7XLzYAEf2D6p1PMXQCWtAcY7XIHbZMEGO5VbHt9yu+4vbdBjw
ak5CfSv0y3Ddsj90Y2UQJH94q84pVz/UgaPFHvLEAVjIwvKwDSIvBu2B+px1CoNr
7c42n+hdYYAvT1bNe4zniBqBLolzEePdIA86MWE7aQdK4hoH2xlHCQ==
=I400
-----END PGP SIGNATURE-----