<<< Date Index >>>     <<< Thread Index >>>

OpenLinux: Sendmail prescan remotely exploitable vulnerability



To: announce@xxxxxxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx 
full-disclosure@xxxxxxxxxxxxxxxx security-alerts@xxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenLinux: Sendmail prescan remotely exploitable 
vulnerability
Advisory number:        CSSA-2003-036.0
Issue date:             2003 November 17
Cross reference:        sr884726 fz528319 erg712432
______________________________________________________________________________


1. Problem Description

        There seems to be a remotely exploitable vulnerability affecting
        Sendmail up to including the latest version, 8.12.9. The problem
        lies in prescan() function. 

        CAN-2003-0694 The prescan function in Sendmail 8.12.9 allows 
        remote attackers to execute arbitrary code via buffer overflow 
        attacks, as demonstrated using the parseaddr function in 
        parseaddr.c.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------
        OpenLinux 3.1.1 Server          prior to sendmail-8.11.6-15.i386.rpm
                                        prior to sendmail-cf-8.11.6-15.i386.rpm
                                        prior to sendmail-doc-8.11.6-15.i386.rpm

        OpenLinux 3.1.1 Workstation     prior to sendmail-8.11.6-15.i386.rpm
                                        prior to sendmail-cf-8.11.6-15.i386.rpm
                                        prior to sendmail-doc-8.11.6-15.i386.rpm


3. Solution

        The proper solution is to install the latest packages. Many
        customers find it easier to use the Caldera System Updater, called
        cupdate (or kcupdate under the KDE environment), to update these
        packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/RPMS

        4.2 Packages

        d83fb7296cf6fce2d1af8212bda7dd46        sendmail-8.11.6-15.i386.rpm
        ac25d7e2a9aaddcce08aad001b6d7241        sendmail-cf-8.11.6-15.i386.rpm
        9f7b9c04f75384843ba6b54689236dc2        sendmail-doc-8.11.6-15.i386.rpm

        4.3 Installation

        rpm -Fvh sendmail-8.11.6-15.i386.rpm
        rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
        rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

        4.4 Source Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/SRPMS

        4.5 Source Packages

        8b1dab8855ac4e1a25b336b58dcf1772        sendmail-8.11.6-15.src.rpm


5. OpenLinux 3.1.1 Workstation

        5.1 Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/RPMS

        5.2 Packages

        9931dfc45eb2d041278b9552bc9f2043        sendmail-8.11.6-15.i386.rpm
        0fa48f065798774025c9359eac9bc293        sendmail-cf-8.11.6-15.i386.rpm
        3619371879178cb82292c859a76208c6        sendmail-doc-8.11.6-15.i386.rpm

        5.3 Installation

        rpm -Fvh sendmail-8.11.6-15.i386.rpm
        rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
        rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

        5.4 Source Package Location

        
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/SRPMS

        5.5 Source Packages

        960a4ed05febec0d0480114c75d29065        sendmail-8.11.6-15.src.rpm


6. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr884726 fz528319
        erg712432.


7. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers intended
        to promote secure installation and use of SCO products.


8. Acknowledgements

        SCO would like to thank Michal Zalewski for reporting this issue.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/uUoLbluZssSXDTERAtloAJ9Gh5hQeibNQDSScVtGDfZWYSETCQCfczun
bPGaiOKrZ6xocUgaLCIqnoI=
=Nvds
-----END PGP SIGNATURE-----