From: security at sco.com (security@....com)
Subject: OpenLinux: Sendmail prescan remotely exploitable vulnerability

To: announce@...ts.caldera.com bugtraq@...urityfocus.com full-disclosure@...ts.netsys.com security-alerts@...uxsecurity.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: Sendmail prescan remotely exploitable vulnerability
Advisory number: 	CSSA-2003-036.0
Issue date: 		2003 November 17
Cross reference:	sr884726 fz528319 erg712432
______________________________________________________________________________


1. Problem Description

	There seems to be a remotely exploitable vulnerability affecting
	Sendmail up to including the latest version, 8.12.9. The problem
	lies in prescan() function. 

	CAN-2003-0694 The prescan function in Sendmail 8.12.9 allows 
	remote attackers to execute arbitrary code via buffer overflow 
	attacks, as demonstrated using the parseaddr function in 
	parseaddr.c.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-15.i386.rpm
					prior to sendmail-cf-8.11.6-15.i386.rpm
					prior to sendmail-doc-8.11.6-15.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-15.i386.rpm
					prior to sendmail-cf-8.11.6-15.i386.rpm
					prior to sendmail-doc-8.11.6-15.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/RPMS

	4.2 Packages

	d83fb7296cf6fce2d1af8212bda7dd46	sendmail-8.11.6-15.i386.rpm
	ac25d7e2a9aaddcce08aad001b6d7241	sendmail-cf-8.11.6-15.i386.rpm
	9f7b9c04f75384843ba6b54689236dc2	sendmail-doc-8.11.6-15.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/SRPMS

	4.5 Source Packages

	8b1dab8855ac4e1a25b336b58dcf1772	sendmail-8.11.6-15.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/RPMS

	5.2 Packages

	9931dfc45eb2d041278b9552bc9f2043	sendmail-8.11.6-15.i386.rpm
	0fa48f065798774025c9359eac9bc293	sendmail-cf-8.11.6-15.i386.rpm
	3619371879178cb82292c859a76208c6	sendmail-doc-8.11.6-15.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/SRPMS

	5.5 Source Packages

	960a4ed05febec0d0480114c75d29065	sendmail-8.11.6-15.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr884726 fz528319
	erg712432.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank Michal Zalewski for reporting this issue.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/uUoLbluZssSXDTERAtloAJ9Gh5hQeibNQDSScVtGDfZWYSETCQCfczun
bPGaiOKrZ6xocUgaLCIqnoI=
=Nvds
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists