lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030403102111.F25573@sco.com>
Date: Thu, 3 Apr 2003 10:21:11 -0800
From: security@....com
To: bugtraq@...urityfocus.com, announce@...ts.caldera.com,
	security-alerts@...uxsecurity.com
Subject: Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12)

To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12) 
Advisory number: 	CSSA-2003-016.0
Issue date: 		2003 April 03
Cross reference:
______________________________________________________________________________


1. Problem Description

	From CERT CA-2003-12: There is a vulnerability in sendmail that
	can be exploited to cause a denial-of-service condition and
	could allow a remote attacker to execute arbitrary code with
	the privileges of the sendmail daemon, typically root.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1 Server		prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1 Workstation	prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS

	4.2 Packages

	accdca36710b2807c97d75f918b7a0b8	sendmail-8.11.6-14.i386.rpm
	0103e9cf07d8b606214ead49c04611ed	sendmail-cf-8.11.6-14.i386.rpm
	e78e32f2a0a76b4ac0695a9a1c1a0ddd	sendmail-doc-8.11.6-14.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS

	4.5 Source Packages

	101b2fdd563a18c7d8e86e7d0f111294	sendmail-8.11.6-14.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/RPMS

	5.2 Packages

	d0b2a4dd15e53c0ca5c82add1187e914	sendmail-8.11.6-14.i386.rpm
	da90eb543a25169681025eb777c7fdbd	sendmail-cf-8.11.6-14.i386.rpm
	b818b54c4faf6c4a0ecebc5b5d06f260	sendmail-doc-8.11.6-14.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/SRPMS

	5.5 Source Packages

	b8f82f1b4b8cf71c27133799d1552beb	sendmail-8.11.6-14.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS

	6.2 Packages

	54ce66a6a7eb27b4bee77b9573542cd9	sendmail-8.11.6-14.i386.rpm
	4965e3e93468cfebb9a543f8d09e8489	sendmail-cf-8.11.6-14.i386.rpm
	2d4ebdfdc6725e03a7a7c7b773fb4cc8	sendmail-doc-8.11.6-14.i386.rpm

	6.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS

	6.5 Source Packages

	40de3bdd9051e16f314441e47cb46f44	sendmail-8.11.6-14.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RPMS

	7.2 Packages

	8cfbb054ce0c829363a7f47fdef3cccc	sendmail-8.11.6-14.i386.rpm
	67336fe8d54ff650a7304b2affb61194	sendmail-cf-8.11.6-14.i386.rpm
	e2ece45c38ae7ab6e68add7372361999	sendmail-doc-8.11.6-14.i386.rpm

	7.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SRPMS

	7.5 Source Packages

	c0b8bf532e09bc7e8682ef4f5d7d863a	sendmail-8.11.6-14.src.rpm


8. References

	Specific references for this advisory:

		http://www.cert.org/advisories/CA-2003-12.html
		http://www.kb.cert.org/vuls/id/897604
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876462, fz527631,
	erg712278.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	Michal Zalewski <lcamtuf@...ttot.org> discovered and researched
	this vulnerability.

______________________________________________________________________________

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ