SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Sendmail Vendors:   Sendmail Consortium
(Apple Issues Fix) Sendmail Buffer Overflow in Parsing Certain Header Comments May Let Remote Users Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1006210
SecurityTracker URL:  http://securitytracker.com/id/1006210
CVE Reference:   CAN-2002-1337   (Links to External Site)
Date:  Mar 4 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.79 - 8.12.7
Description:   A buffer overflow vulnerability was reported in the Sendmail mail transfer agent (MTA). A remote user could execute arbitrary code with the privileges of the mail server (typically root privileges)

It is reported that the software contains an exploitable buffer overflow in the parsing of certain SMTP header elements. The report indicates that long sender or recipient header comments may trigger the flaw. A remote user could create a specially crafted message to cause arbitrary code to be executed on the target server. The target server could be the sending MTA, an intermediate MTA, or the destination MTA.

The vendor has labeled this bug as a "critical security problem."

The vendor credits Mark Dowd of ISS X-Force with reporting the flaw.

Another buffer overflow was reported in the processing of RFC 1413 ident protocol messages (this was discovered by a different user). According to the vendor, this is "non-exploitable."
Impact:   A remote user could execute arbitrary code with the privileges of the target server, which is typically root privileges. Any MTA processing the message may be affected.
Solution:   The vendor has released a fix (Security Update 2003-03-03), available at:

* Software Update pane in System Preferences (updating from Mac OS X 10.1.5 and 10.2.4)

- OR -

* Apple's Software Downloads web site:

Updating from Mac OS X 10.2.4:

http://www.info.apple.com/kbnum/n120195

The download file is named: "1024SecUpd2003-03-03.dmg" and the SHA-1 digest is: 2eb722f340d4e57aa79bb5422b94d556888cbf38

The Security Update 2003-03-03 fix for Mac OS X 10.1.5 is planned to be available on March 4, according to Apple.

Some additiona information is available on the Apple Support web site:

http://docs.info.apple.com/article.html?artnum=61798
Vendor URL:  docs.info.apple.com/article.html?artnum=61798 (Links to External Site)
Cause:   Boundary error
Underlying OS:   UNIX (OS X)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 3 2003 Sendmail Buffer Overflow in Parsing Certain Header Comments May Let Remote Users Execute Arbitrary Code with Root Privileges


 Source Message Contents
Date:  Mon, 03 Mar 2003 14:09:17 -0800
Subject:  APPLE-SA-2003-03-03 sendmail


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2003-03-03 sendmail

Security Update 2003-03-03 is now available.  It contains fixes for the
following potential security issues:

* Sendmail:  Fixes CAN-2002-1337 where a remote attacker could gain
elevated privileges on affected hosts.  Sendmail is not enabled by
default on Mac OS X, so only those systems which have explictly enabled
sendmail are vulnerable.  All customers of Mac OS X, however, are
encouraged to apply this update.

* OpenSSL:  Fixes CAN-2003-0078, where it is theoretically possible for
a third-party to extract the original plaintext of encrypted messages
sent over the network.  Security Update 2003-03-03 applies this fix for
Mac OS X 10.2.4, and customers of earlier Mac OS X versions may obtain
the patch from the OpenSSL web site:
http://www.openssl.org/

Security Update 2003-03-03 may be obtained from:

   * Software Update pane in System Preferences
      (updating from Mac OS X 10.1.5 and 10.2.4)

   - OR -

   * Apple's Software Downloads web site:
   
     Updating from Mac OS X 10.2.4:
        http://www.info.apple.com/kbnum/n120195
     The download file is named: "1024SecUpd2003-03-03.dmg"
     Its SHA-1 digest is: 2eb722f340d4e57aa79bb5422b94d556888cbf38

Security Update 2003-03-03 for Mac OS X 10.1.5 is planned to be
available on March 4.

Information is also posted to the Apple Support web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQEVAwUBPmOrFyFlYNdE6F9oAQKKGwf+M/zZAtIErkTeyAvWvJ/JpltKxCpMDsTv
vl0MBWLg/qtF6ZJdFOkwybpvMMzGK67B6MACH+42NMLPVA61iRLX551B5AYaG9Vv
oBzDff89eMPxl+xcx+JK9mgkXRPkpSWw0XZxvLXagjhfWXlGAZbEF399os+/TTQF
xvWOV4X6/v0D1KPmbOPmgRiOzjprS4cmDrI/LcKVkWFDLJVmDJ2LqoomIQmvldZQ
wC3X/xrIqN0UUI368xfi8MTIIGwQmyNLG4SfqMU1GmyldsNCrRbj0PyQcunfUtmL
pYmN6Lui5HI1QshnEQGrB4pcIpzdUrDsQIkW8yVfVMVHibkN/sTXlw==
=0V8+
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC