SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Sendmail Vendors:   Sendmail Consortium
(Caldera Issues Fix for OpenServer) Sendmail Buffer Overflow in Parsing Certain Header Comments May Let Remote Users Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1006282
SecurityTracker URL:  http://securitytracker.com/id/1006282
CVE Reference:   CAN-2002-1337   (Links to External Site)
Date:  Mar 13 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.79 - 8.12.7
Description:   A buffer overflow vulnerability was reported in the Sendmail mail transfer agent (MTA). A remote user could execute arbitrary code with the privileges of the mail server (typically root privileges)

It is reported that the software contains an exploitable buffer overflow in the parsing of certain SMTP header elements. The report indicates that long sender or recipient header comments may trigger the flaw. A remote user could create a specially crafted message to cause arbitrary code to be executed on the target server. The target server could be the sending MTA, an intermediate MTA, or the destination MTA.

The vendor has labeled this bug as a "critical security problem."

The vendor credits Mark Dowd of ISS X-Force with reporting the flaw.

Another buffer overflow was reported in the processing of RFC 1413 ident protocol messages (this was discovered by a different user). According to the vendor, this is "non-exploitable."
Impact:   A remote user could execute arbitrary code with the privileges of the target server, which is typically root privileges. Any MTA processing the message may be affected.
Solution:   Caldera has released a fix for OpenServer.

OpenServer 5.0.5:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


Verification

MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the sendmail.506.tar file to the /tmp directory (OpenServer 5.0.5 uses the 5.0.6 tar image)

2) Extract the files from the tar archive:
cd /tmp; tar xvf sendmail.506.tar

3) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.


OpenServer 5.0.6:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


Verification

MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the sendmail.506.tar file to the /tmp directory

2) Extract the files from the tar archive:
cd /tmp; tar xvf sendmail.506.tar

3) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.


OpenServer 5.0.7:

Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


Verification

MD5 (sendmail.507.tar) = 807f1fa8d15a3361a589119bfca18533

md5 is available for download from
ftp://ftp.sco.com/pub/security/tools


Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the sendmail.507.tar file to the /tmp directory

2) Extract the files from the tar archive:
cd /tmp; tar xvf sendmail.507.tar

3) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.
Vendor URL:  www.sendmail.org/8.12.8.html (Links to External Site)
Cause:   Boundary error
Underlying OS:   UNIX (Open UNIX-SCO)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 3 2003 Sendmail Buffer Overflow in Parsing Certain Header Comments May Let Remote Users Execute Arbitrary Code with Root Privileges


 Source Message Contents
Date:  Thu, 13 Mar 2003 09:57:17 -0800
Subject:  Security Update: [CSSA-2003-SCO.6] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail


--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT CA-2003-07)
Advisory number: 	CSSA-2003-SCO.6
Issue date: 		2003 March 12
Cross reference:
______________________________________________________________________________


1. Problem Description

	From CA-2003-07: Researchers at Internet Security Systems
	(ISS) have discovered a remotely exploitable vulnerability
	in sendmail. This vulnerability could allow an intruder to
	gain control of a vulnerable sendmail server.


2. Vulnerable Supported Versions

	System				Vulnerable Versions
	----------------------------------------------------------------------
	OpenServer 5.0.5		previous to sendmail 8.11.0a
	OpenServer 5.0.6		previous to sendmail 8.11.0a
	OpenServer 5.0.7		previous to sendmail 8.11.0a


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


	4.2 Verification

	MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the sendmail.506.tar file to the /tmp directory
	   (OpenServer 5.0.5 uses the 5.0.6 tar image)

	2) Extract the files from the tar archive:
		cd /tmp; tar xvf sendmail.506.tar

	3) Run the custom command, specify an install from media
	   images, and specify the /tmp directory as the location of
	   the images.


5. OpenServer 5.0.6

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


	5.2 Verification

	MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the sendmail.506.tar file to the /tmp directory

	2) Extract the files from the tar archive:
		cd /tmp; tar xvf sendmail.506.tar

	3) Run the custom command, specify an install from media
	   images, and specify the /tmp directory as the location of
	   the images.


6. OpenServer 5.0.7

	6.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


	6.2 Verification

	MD5 (sendmail.507.tar) = 807f1fa8d15a3361a589119bfca18533

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	6.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the sendmail.507.tar file to the /tmp directory

	2) Extract the files from the tar archive:
		cd /tmp; tar xvf sendmail.507.tar

	3) Run the custom command, specify an install from media
	   images, and specify the /tmp directory as the location of
	   the images.


7. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
		http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
		http://www.cert.org/advisories/CA-2003-07.html
		http://www.kb.cert.org/vuls/id/398025
		http://www.sendmail.org/8.12.8.html

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr875284, fz527484,
	erg712247.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgements

	Internet Security Systems, Inc. discovered and researched
	this vulnerability.

______________________________________________________________________________

--82I3+IH0IqGh5yIs
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj5wxn0ACgkQaqoBO7ipriGFTQCgl+oHUwQyHmiTvNacaAT0Evv6
QNYAn1YlH9FP1SLXKYUBPp/4CtoqoCAL
=qoHO
-----END PGP SIGNATURE-----

--82I3+IH0IqGh5yIs--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC