` 

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Sendmail packages fix vulnerability.
Advisory ID:       RHSA-2003:283-01
Issue date:        2003-09-17
Updated on:        2003-09-17
Product:           Red Hat Linux
Keywords:          
Cross references:  
Obsoletes:         RHSA-2003:265
CVE Names:         CAN-2003-0694 CAN-2003-0681
- ---------------------------------------------------------------------

1. Topic:

Updated Sendmail packages that fix a potentially-exploitable vulnerability
are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

Sendmail is a widely used Mail Transport Agent (MTA) and is included in all
Red Hat Linux distributions.


Michal Zalewski found a bug in the prescan() function of unpatched Sendmail
versions prior to 8.12.10. The sucessful exploitation of this bug can lead
to heap and stack structure overflows.  Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0694 to this issue.

Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for a
potential buffer overflow in ruleset parsing.  This problem is not
exploitable in the default sendmail configuration; it is exploitable only
if non-standard rulesets recipient (2), final (4), or mailer-specific
envelope recipients rulesets are used.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0681 to
this issue.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate 
Errors, you need to install a version of the up2date client with an updated 
certificate.  The latest version of up2date is available from the Red Hat 
FTP site and may also be downloaded directly from the RHN website:

 

5. Bug IDs fixed  (  for more info):

104563 - CAN-2003-0694 Sendmail possible remote exploit

6. RPMs required:

Red Hat Linux 7.1:

SRPMS: 
 

i386: 
  
  
  
 

Red Hat Linux 7.2:

SRPMS: 
 

i386: 
  
  
  
 

ia64: 
  
  
  
 

Red Hat Linux 7.3:

SRPMS: 
 

i386: 
  
  
  
 

Red Hat Linux 8.0:

SRPMS: 
 

i386: 
  
  
  
 

Red Hat Linux 9:

SRPMS: 
 

i386: 
  
  
  
 


7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
675b4366f9894a73944ed8f91cea5c7d 7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm
faed73b08e50794290423dd2b8c8bc9f 7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
bf1cc813beded26219d81e7fb0a5cc8b 7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm
b3658219e5a31c2a788a828b80044581 7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
4c47bae883878e661312561bb35fdd1d 7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
0fc61a1454c0c4a06f35105bc2b497f3 7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm
65054b5ca258e62afa68a6cc3439d64f 7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
c4dfd211300fbadd2f7482c80094054b 7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm
24f6d31f51e7688bc261ffe4ee248280 7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
213f9dbe89703c90eb970bf09121adfe 7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
2fff7128169ae9a3a3cf4e7f3418a64a 7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
2ad3274246e74dad6462ce1d630b0fc9 7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm
7c4330087840a86ad38e459879211768 7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
fae68ef232f32b3736964d2fdcea77de 7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
afa8639444b6fc6b2889d18b34fcdc68 7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm
9164913aa510c0c241646cf7134f6b4c 7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
5ac5d48dbc80c817d384e1267452ef96 7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm
df4b107c15fdbfd8c7c97423956831d8 7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
370ec17f86d5658b3f7f9adcf0102a69 7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
368c156b23b89d1a0d7eb1cecb3011e2 8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm
fbecae564b08ab535f846b089c8ca3a9 8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
da5ede78cf6da018537a741bd4f1df70 8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm
66fdacc34440831977a571dfb6540e58 8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
6afa3f6f6e79e4fbda7c5026cea277c7 8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
870a1c9b2cf0e161ae7d0e78d0c080f4 9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm
2d2d9df08fa8084ceafb832d454ad543 9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
c44250016b8b353a1985fa4510a50327 9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm
98dadb898089fc7952790f38cbe71f96 9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
bc6dadfb2f68215c09b876972f5c74b5 9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key is
available from https://access.redhat.com/security/team/key

You can verify each package with the following command:
    
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum 


8. References:
 
http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2 
Sendmail Open Source - Open Source Email Server | Proofpoint US 
CVE -CVE-2003-0694 
CVE -CVE-2003-0681

9. Contact:

The Red Hat security contact is <secalert@RedHat.com>.  More contact
details at https://www.redhat.com/en/technologies/all-products

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/aPIeXlSAg2UNWIIRAtLyAJ95/RGZ8+MVxCtdQIyIvdld6qzWmgCgvIS2
4BxeY7F3ZN1MzjXJkfsGweI=1iy9
-----END PGP SIGNATURE-----
`

RedHat: sendmail Multiple overflow vulnerabilities

Updated Sendmail packages that fix a potentially-exploitable vulnerabilityare now available

Summary



Summary

Sendmail is a widely used Mail Transport Agent (MTA) and is included in allRed Hat Linux distributions.Michal Zalewski found a bug in the prescan() function of unpatched Sendmailversions prior to 8.12.10. The sucessful exploitation of this bug can leadto heap and stack structure overflows. Although no exploit currentlyexists, this issue is locally exploitable and may also be remotelyexploitable. The Common Vulnerabilities and Exposures project(cve.mitre.org) has assigned the name CAN-2003-0694 to this issue.Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for apotential buffer overflow in ruleset parsing. This problem is notexploitable in the default sendmail configuration; it is exploitable onlyif non-standard rulesets recipient (2), final (4), or mailer-specificenvelope recipients rulesets are used. The Common Vulnerabilities andExposures project (cve.mitre.org) has assigned the name CAN-2003-0681 tothis issue.All users are advised to update to these erratum packages containing abackported patch which corrects these vulnerabilities.


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:


5. Bug IDs fixed ( for more info):
104563 - CAN-2003-0694 Sendmail possible remote exploit
6. RPMs required:
Red Hat Linux 7.1:
SRPMS:

i386:




Red Hat Linux 7.2:
SRPMS:

i386:




ia64:




Red Hat Linux 7.3:
SRPMS:

i386:




Red Hat Linux 8.0:
SRPMS:

i386:




Red Hat Linux 9:
SRPMS:

i386:





7. Verification:
MD5 sum Package Name 675b4366f9894a73944ed8f91cea5c7d 7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm faed73b08e50794290423dd2b8c8bc9f 7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm bf1cc813beded26219d81e7fb0a5cc8b 7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm b3658219e5a31c2a788a828b80044581 7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm 4c47bae883878e661312561bb35fdd1d 7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm 0fc61a1454c0c4a06f35105bc2b497f3 7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm 65054b5ca258e62afa68a6cc3439d64f 7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm c4dfd211300fbadd2f7482c80094054b 7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm 24f6d31f51e7688bc261ffe4ee248280 7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm 213f9dbe89703c90eb970bf09121adfe 7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm 2fff7128169ae9a3a3cf4e7f3418a64a 7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm 2ad3274246e74dad6462ce1d630b0fc9 7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm 7c4330087840a86ad38e459879211768 7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm fae68ef232f32b3736964d2fdcea77de 7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm afa8639444b6fc6b2889d18b34fcdc68 7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm 9164913aa510c0c241646cf7134f6b4c 7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm 5ac5d48dbc80c817d384e1267452ef96 7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm df4b107c15fdbfd8c7c97423956831d8 7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm 370ec17f86d5658b3f7f9adcf0102a69 7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm 368c156b23b89d1a0d7eb1cecb3011e2 8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm fbecae564b08ab535f846b089c8ca3a9 8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm da5ede78cf6da018537a741bd4f1df70 8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm 66fdacc34440831977a571dfb6540e58 8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm 6afa3f6f6e79e4fbda7c5026cea277c7 8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm 870a1c9b2cf0e161ae7d0e78d0c080f4 9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm 2d2d9df08fa8084ceafb832d454ad543 9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm c44250016b8b353a1985fa4510a50327 9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm 98dadb898089fc7952790f38cbe71f96 9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm bc6dadfb2f68215c09b876972f5c74b5 9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm
These packages are GPG signed by Red Hat for security. Our key is available from https://access.redhat.com/security/team/key
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
md5sum

References

http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2 Sendmail Open Source - Open Source Email Server | Proofpoint US CVE -CVE-2003-0694 CVE -CVE-2003-0681

Package List


Severity
Advisory ID: RHSA-2003:283-01
Issued Date: : 2003-09-17
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:265
CVE Names: CAN-2003-0694 CAN-2003-0681

Topic


Topic

Updated Sendmail packages that fix a potentially-exploitable vulnerability

are now available.


 

Relevant Releases Architectures

Red Hat Linux 7.1 - i386

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Red Hat Linux 8.0 - i386

Red Hat Linux 9 - i386


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved