SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Sendmail Vendors:   Sendmail Consortium
(SCO Issues Fix for OpenLinux) Sendmail Prescan Flaw May Let Remote Users Execute Arbitrary Code With Root Privileges
SecurityTracker Alert ID:  1008224
SecurityTracker URL:  http://securitytracker.com/id/1008224
CVE Reference:   CVE-2003-0694   (Links to External Site)
Date:  Nov 18 2003
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, Root access via local system, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.12.9 and prior versions
Description:   A vulnerability was reported in Sendmail. A local or remote user may be able to execute arbitrary code on the target system.

It is reported that the prescan() function in 'parseaddr.c' contains a flaw [that is different than previously reported prescan flaw]. The report states that various exploit methods are possible, but these exploit methods were not disclosed.

The report indicates that it is confirmed that a local user can exploit this flaw and it is believed that a remote user may also exploit this flaw.

Impact:   A local or remote user may be able to execute arbitrary code with the privileges of the sendmail process.
Solution:   SCO has released a fix for OpenLinux.

OpenLinux 3.1.1 Server:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/RPMS

Packages

d83fb7296cf6fce2d1af8212bda7dd46 sendmail-8.11.6-15.i386.rpm
ac25d7e2a9aaddcce08aad001b6d7241 sendmail-cf-8.11.6-15.i386.rpm
9f7b9c04f75384843ba6b54689236dc2 sendmail-doc-8.11.6-15.i386.rpm

Installation

rpm -Fvh sendmail-8.11.6-15.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/SRPMS

Source Packages

8b1dab8855ac4e1a25b336b58dcf1772 sendmail-8.11.6-15.src.rpm


OpenLinux 3.1.1 Workstation:

Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/RPMS

Packages

9931dfc45eb2d041278b9552bc9f2043 sendmail-8.11.6-15.i386.rpm
0fa48f065798774025c9359eac9bc293 sendmail-cf-8.11.6-15.i386.rpm
3619371879178cb82292c859a76208c6 sendmail-doc-8.11.6-15.i386.rpm

Installation

rpm -Fvh sendmail-8.11.6-15.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/SRPMS

Source Packages

960a4ed05febec0d0480114c75d29065 sendmail-8.11.6-15.src.rpm

Vendor URL:  www.sendmail.org/8.12.10.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  3.1.1

Message History:   This archive entry is a follow-up to the message listed below.
Sep 17 2003 Sendmail Prescan Flaw May Let Remote Users Execute Arbitrary Code With Root Privileges



 Source Message Contents

Subject:  OpenLinux: Sendmail prescan remotely exploitable vulnerability



To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com security-alerts@linuxsecurity.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenLinux: Sendmail prescan remotely exploitable vulnerability
Advisory number: 	CSSA-2003-036.0
Issue date: 		2003 November 17
Cross reference:	sr884726 fz528319 erg712432
______________________________________________________________________________


1. Problem Description

	There seems to be a remotely exploitable vulnerability affecting
	Sendmail up to including the latest version, 8.12.9. The problem
	lies in prescan() function. 

	CAN-2003-0694 The prescan function in Sendmail 8.12.9 allows 
	remote attackers to execute arbitrary code via buffer overflow 
	attacks, as demonstrated using the parseaddr function in 
	parseaddr.c.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to sendmail-8.11.6-15.i386.rpm
					prior to sendmail-cf-8.11.6-15.i386.rpm
					prior to sendmail-doc-8.11.6-15.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to sendmail-8.11.6-15.i386.rpm
					prior to sendmail-cf-8.11.6-15.i386.rpm
					prior to sendmail-doc-8.11.6-15.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/RPMS

	4.2 Packages

	d83fb7296cf6fce2d1af8212bda7dd46	sendmail-8.11.6-15.i386.rpm
	ac25d7e2a9aaddcce08aad001b6d7241	sendmail-cf-8.11.6-15.i386.rpm
	9f7b9c04f75384843ba6b54689236dc2	sendmail-doc-8.11.6-15.i386.rpm

	4.3 Installation

	rpm -Fvh sendmail-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

	4.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/SRPMS

	4.5 Source Packages

	8b1dab8855ac4e1a25b336b58dcf1772	sendmail-8.11.6-15.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/RPMS

	5.2 Packages

	9931dfc45eb2d041278b9552bc9f2043	sendmail-8.11.6-15.i386.rpm
	0fa48f065798774025c9359eac9bc293	sendmail-cf-8.11.6-15.i386.rpm
	3619371879178cb82292c859a76208c6	sendmail-doc-8.11.6-15.i386.rpm

	5.3 Installation

	rpm -Fvh sendmail-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm
	rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm

	5.4 Source Package Location

	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/SRPMS

	5.5 Source Packages

	960a4ed05febec0d0480114c75d29065	sendmail-8.11.6-15.src.rpm


6. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr884726 fz528319
	erg712432.


7. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.


8. Acknowledgements

	SCO would like to thank Michal Zalewski for reporting this issue.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/uUoLbluZssSXDTERAtloAJ9Gh5hQeibNQDSScVtGDfZWYSETCQCfczun
bPGaiOKrZ6xocUgaLCIqnoI=
=Nvds
-----END PGP SIGNATURE-----


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC