[Full-Disclosure] [RHSA-2003:120-01] Updated sendmail packages fix vulnerability

From: bugzillaat_private
Date: Mon Mar 31 2003 - 09:14:47 PST

  • Next message: KF: "[Full-Disclosure] SRT2003-03-31-1219 - SAP world writable server binaries" 

    ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated sendmail packages fix vulnerability
Advisory ID:       RHSA-2003:120-01
Issue date:        2003-03-31
Updated on:        2003-03-31
Product:           Red Hat Linux
Keywords:          sendmail
Cross references:  
Obsoletes:         RHSA-2003:073
CVE Names:         CAN-2003-0161
---------------------------------------------------------------------

1. Topic:

Updated Sendmail packages are available to fix a vulnerability that
allows local and possibly remote attackers to gain root privileges.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

Sendmail is a widely used Mail Transport Agent (MTA) which is included
in all Red Hat Linux distributions.

There is a vulnerability in Sendmail versions prior to and including 
8.12.8. The address parser performs insufficient bounds checking in certain
conditions due to a char to int conversion, making it possible for an
attacker to take control of the application.  Although no exploit currently
exists, this issue is probably locally exploitable and may also be remotely
exploitable.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting this
issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/sendmail-8.11.6-1.62.3.src.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/sendmail-8.11.6-1.62.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/sendmail-cf-8.11.6-1.62.3.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/sendmail-doc-8.11.6-1.62.3.i386.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-25.70.src.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-8.11.6-25.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-cf-8.11.6-25.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-devel-8.11.6-25.70.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-doc-8.11.6-25.70.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/sendmail-8.11.6-25.71.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-8.11.6-25.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-cf-8.11.6-25.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-devel-8.11.6-25.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-doc-8.11.6-25.71.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/sendmail-8.11.6-25.72.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-8.11.6-25.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-cf-8.11.6-25.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-devel-8.11.6-25.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-doc-8.11.6-25.72.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-8.11.6-25.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-cf-8.11.6-25.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-devel-8.11.6-25.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-doc-8.11.6-25.72.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/sendmail-8.11.6-25.73.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-8.11.6-25.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-cf-8.11.6-25.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-devel-8.11.6-25.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-doc-8.11.6-25.73.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/sendmail-8.12.8-5.80.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-8.12.8-5.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-cf-8.12.8-5.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-devel-8.12.8-5.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-doc-8.12.8-5.80.i386.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/sendmail-8.12.8-5.90.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/sendmail-8.12.8-5.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-cf-8.12.8-5.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-devel-8.12.8-5.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-doc-8.12.8-5.90.i386.rpm



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
25bec1ec6aff40327f051cf5400a55c8 6.2/en/os/SRPMS/sendmail-8.11.6-1.62.3.src.rpm
98cbc533ab27d4145fca5d0b75697eba 6.2/en/os/i386/sendmail-8.11.6-1.62.3.i386.rpm
edb796a81e0916d27d768d5ea948762c 6.2/en/os/i386/sendmail-cf-8.11.6-1.62.3.i386.rpm
d932f3df0f6ff85117b80099ef6018ba 6.2/en/os/i386/sendmail-doc-8.11.6-1.62.3.i386.rpm
2e9c2920c804174aa5b4b36376280a73 7.0/en/os/SRPMS/sendmail-8.11.6-25.70.src.rpm
8a5d3dbd633a74e85129882ef4cb8949 7.0/en/os/i386/sendmail-8.11.6-25.70.i386.rpm
95ea041b1f867b375c0b51bbc7747195 7.0/en/os/i386/sendmail-cf-8.11.6-25.70.i386.rpm
0ee0e855770c75ecbdba88a9fde57ba8 7.0/en/os/i386/sendmail-devel-8.11.6-25.70.i386.rpm
ade66612e4e8397b58b98b5727e5e2a5 7.0/en/os/i386/sendmail-doc-8.11.6-25.70.i386.rpm
835ddd29ba9d926cc74b154582d27bc6 7.1/en/os/SRPMS/sendmail-8.11.6-25.71.src.rpm
0a107e87606aea194828f15091633a64 7.1/en/os/i386/sendmail-8.11.6-25.71.i386.rpm
d66b2716ea71021875e17f63c54753c1 7.1/en/os/i386/sendmail-cf-8.11.6-25.71.i386.rpm
6b1b8871b4ed4ce67594222864dcf01a 7.1/en/os/i386/sendmail-devel-8.11.6-25.71.i386.rpm
b78a97ca20b17a25b638fb4a9c958bf3 7.1/en/os/i386/sendmail-doc-8.11.6-25.71.i386.rpm
8a4b2636b0bba80f4dfb7cab9b6d39b9 7.2/en/os/SRPMS/sendmail-8.11.6-25.72.src.rpm
c55e36f27f0e871901634f2e569a27c0 7.2/en/os/i386/sendmail-8.11.6-25.72.i386.rpm
79eaee7161e16721db6de44c5c76e6f9 7.2/en/os/i386/sendmail-cf-8.11.6-25.72.i386.rpm
d31c0978a188395bb164baa479882256 7.2/en/os/i386/sendmail-devel-8.11.6-25.72.i386.rpm
5eb4102d16bf2a2b84a20405eed447a3 7.2/en/os/i386/sendmail-doc-8.11.6-25.72.i386.rpm
42b3b6c89a1c6865490ccd6f972d24ed 7.2/en/os/ia64/sendmail-8.11.6-25.72.ia64.rpm
38c3cec537424d7c558e7697e85ca08c 7.2/en/os/ia64/sendmail-cf-8.11.6-25.72.ia64.rpm
d2ff64efd64c91087f94723716c186fc 7.2/en/os/ia64/sendmail-devel-8.11.6-25.72.ia64.rpm
d07d3544200a58aca31e3e174dc0cfb9 7.2/en/os/ia64/sendmail-doc-8.11.6-25.72.ia64.rpm
f3686bceb53446bcdb270a7b5560f2c6 7.3/en/os/SRPMS/sendmail-8.11.6-25.73.src.rpm
4cfa915e89b4dd70ebe215666bade465 7.3/en/os/i386/sendmail-8.11.6-25.73.i386.rpm
760a980ca97b16e1f86008346e216bb5 7.3/en/os/i386/sendmail-cf-8.11.6-25.73.i386.rpm
997c535e8794d4066b3539bd2ecb368e 7.3/en/os/i386/sendmail-devel-8.11.6-25.73.i386.rpm
3dc5ae59b23a9cb349d722db77ded402 7.3/en/os/i386/sendmail-doc-8.11.6-25.73.i386.rpm
aed187a50991bb1a20d09796b3f15369 8.0/en/os/SRPMS/sendmail-8.12.8-5.80.src.rpm
4b437527303dd0794a9e0ebb8eb1aad4 8.0/en/os/i386/sendmail-8.12.8-5.80.i386.rpm
a3c07f2d84f60a5b04238b5034a12558 8.0/en/os/i386/sendmail-cf-8.12.8-5.80.i386.rpm
0e17408c933de3cf5b6c448d0b4bb9d6 8.0/en/os/i386/sendmail-devel-8.12.8-5.80.i386.rpm
ebff02d1f8a60a58fca72b6e556f82b6 8.0/en/os/i386/sendmail-doc-8.12.8-5.80.i386.rpm
6890269d1da992a454b6d109d5d47db6 9/en/os/SRPMS/sendmail-8.12.8-5.90.src.rpm
b6e03531852eeb3faddec11cbecbd207 9/en/os/i386/sendmail-8.12.8-5.90.i386.rpm
fcdcbe2bf542773ee00292c42c809b56 9/en/os/i386/sendmail-cf-8.12.8-5.90.i386.rpm
8d8301e9286510343399703049ab7b43 9/en/os/i386/sendmail-devel-8.12.8-5.90.i386.rpm
7b4126ee338184d9053c339433ab02f2 9/en/os/i386/sendmail-doc-8.12.8-5.90.i386.rpm


These packages are GPG signed by Red Hat for security.  Our key is
available at http://www.redhat.com/solutions/security/news/publickey/

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161

8. Contact:

The Red Hat security contact is <securityat_private>.  More contact
details at http://www.redhat.com/solutions/security/news/contact/

Copyright 2003 Red Hat, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

    This archive was generated by hypermail 2b30 : Mon Mar 31 2003 - 09:56:47 PST