SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Sendmail Vendors:   Sendmail Consortium
(SCO Issues Fix for Caldera OpenLinux) Sendmail Buffer Overflow in Parsing Addresses May Let Remote or Local Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1006465
SecurityTracker URL:  http://securitytracker.com/id/1006465
CVE Reference:   CVE-2003-0161   (Links to External Site)
Date:  Apr 4 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.12.8 and prior versions
Description:   A buffer overflow vulnerability was reported in Sendmail in the address parsing code. A remote or local user could cause arbitrary code to be executed with root privileges.

The flaw reportedly resides in 'parseaddr.c' in a char to int variable conversion. Data received from untrusted sources, potentially including e-mail addresses or DNS domain names, that contain extended ASCII characters and that are longer than a certain size may be able to trigger the flaw and cause code to be executed.

The vendor is reporting this as a "critical security problem."

The vendor credits Michal Zalewski for reporting the flaw.

Impact:   A remote or local user could cause arbitrary code to be executed with root privileges.
Solution:   SCO has released a fix for OpenLinux.

OpenLinux 3.1.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS

Packages

accdca36710b2807c97d75f918b7a0b8 sendmail-8.11.6-14.i386.rpm
0103e9cf07d8b606214ead49c04611ed sendmail-cf-8.11.6-14.i386.rpm
e78e32f2a0a76b4ac0695a9a1c1a0ddd sendmail-doc-8.11.6-14.i386.rpm

Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS

Source Packages

101b2fdd563a18c7d8e86e7d0f111294 sendmail-8.11.6-14.src.rpm


OpenLinux 3.1.1 Workstation:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/RPMS

Packages

d0b2a4dd15e53c0ca5c82add1187e914 sendmail-8.11.6-14.i386.rpm
da90eb543a25169681025eb777c7fdbd sendmail-cf-8.11.6-14.i386.rpm
b818b54c4faf6c4a0ecebc5b5d06f260 sendmail-doc-8.11.6-14.i386.rpm

Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/SRPMS

Source Packages

b8f82f1b4b8cf71c27133799d1552beb sendmail-8.11.6-14.src.rpm


OpenLinux 3.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS

Packages

54ce66a6a7eb27b4bee77b9573542cd9 sendmail-8.11.6-14.i386.rpm
4965e3e93468cfebb9a543f8d09e8489 sendmail-cf-8.11.6-14.i386.rpm
2d4ebdfdc6725e03a7a7c7b773fb4cc8 sendmail-doc-8.11.6-14.i386.rpm

Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS

Source Packages

40de3bdd9051e16f314441e47cb46f44 sendmail-8.11.6-14.src.rpm


OpenLinux 3.1 Workstation:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RPMS

Packages

8cfbb054ce0c829363a7f47fdef3cccc sendmail-8.11.6-14.i386.rpm
67336fe8d54ff650a7304b2affb61194 sendmail-cf-8.11.6-14.i386.rpm
e2ece45c38ae7ab6e68add7372361999 sendmail-doc-8.11.6-14.i386.rpm

Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SRPMS

Source Packages

c0b8bf532e09bc7e8682ef4f5d7d863a sendmail-8.11.6-14.src.rpm

Vendor URL:  www.sendmail.org/8.12.9.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux 3.1, 3.1.1

Message History:   This archive entry is a follow-up to the message listed below.
Mar 29 2003 Sendmail Buffer Overflow in Parsing Addresses May Let Remote or Local Users Execute Arbitrary Code With Root Privileges



 Source Message Contents

Subject:  Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12)


--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@li=
nuxsecurity.com

___________________________________________________________________________=
___

			SCO Security Advisory

Subject:		OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-=
12)=20
Advisory number: 	CSSA-2003-016.0
Issue date: 		2003 April 03
Cross reference:
___________________________________________________________________________=
___


1. Problem Description

	From CERT CA-2003-12: There is a vulnerability in sendmail that
	can be exploited to cause a denial-of-service condition and
	could allow a remote attacker to execute arbitrary code with
	the privileges of the sendmail daemon, typically root.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1 Server		prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm

	OpenLinux 3.1 Workstation	prior to sendmail-8.11.6-14.i386.rpm
					prior to sendmail-cf-8.11.6-14.i386.rpm
					prior to sendmail-doc-8.11.6-14.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS

	4.2 Packages

	accdca36710b2807c97d75f918b7a0b8	sendmail-8.11.6-14.i386.rpm
	0103e9cf07d8b606214ead49c04611ed	sendmail-cf-8.11.6-14.i386.rpm
	e78e32f2a0a76b4ac0695a9a1c1a0ddd	sendmail-doc-8.11.6-14.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS

	4.5 Source Packages

	101b2fdd563a18c7d8e86e7d0f111294	sendmail-8.11.6-14.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/=
RPMS

	5.2 Packages

	d0b2a4dd15e53c0ca5c82add1187e914	sendmail-8.11.6-14.i386.rpm
	da90eb543a25169681025eb777c7fdbd	sendmail-cf-8.11.6-14.i386.rpm
	b818b54c4faf6c4a0ecebc5b5d06f260	sendmail-doc-8.11.6-14.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/=
SRPMS

	5.5 Source Packages

	b8f82f1b4b8cf71c27133799d1552beb	sendmail-8.11.6-14.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS

	6.2 Packages

	54ce66a6a7eb27b4bee77b9573542cd9	sendmail-8.11.6-14.i386.rpm
	4965e3e93468cfebb9a543f8d09e8489	sendmail-cf-8.11.6-14.i386.rpm
	2d4ebdfdc6725e03a7a7c7b773fb4cc8	sendmail-doc-8.11.6-14.i386.rpm

	6.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	6.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS

	6.5 Source Packages

	40de3bdd9051e16f314441e47cb46f44	sendmail-8.11.6-14.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RP=
MS

	7.2 Packages

	8cfbb054ce0c829363a7f47fdef3cccc	sendmail-8.11.6-14.i386.rpm
	67336fe8d54ff650a7304b2affb61194	sendmail-cf-8.11.6-14.i386.rpm
	e2ece45c38ae7ab6e68add7372361999	sendmail-doc-8.11.6-14.i386.rpm

	7.3 Installation

	rpm -Fvh sendmail-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

	7.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SR=
PMS

	7.5 Source Packages

	c0b8bf532e09bc7e8682ef4f5d7d863a	sendmail-8.11.6-14.src.rpm


8. References

	Specific references for this advisory:

		http://www.cert.org/advisories/CA-2003-12.html
		http://www.kb.cert.org/vuls/id/897604
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0161

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr876462, fz527631,
	erg712278.


9. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


10. Acknowledgements

	Michal Zalewski <lcamtuf@ghettot.org> discovered and researched
	this vulnerability.

___________________________________________________________________________=
___

--xHFwDpU9dbj6ez1V
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj6Me5cACgkQbluZssSXDTH4owCfRyEObD+/kGAQ0CETYc5putUR
WVQAn2UIUtWKLEX2fI0QvI5hNwStJnNx
=PFyk
-----END PGP SIGNATURE-----

--xHFwDpU9dbj6ez1V--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC