---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated sendmail packages fix critical security issues
Advisory ID:       RHSA-2003:073-06
Issue date:        2003-02-07
Updated on:        2003-03-03
Product:           Red Hat Linux
Keywords:          sendmail smrsh security bug
Cross references:
Obsoletes:         RHSA-2002:106
CVE Names:         CAN-2002-1337
---------------------------------------------------------------------

1. Topic:

Updated Sendmail packages are available to fix a vulnerability that
may allow remote attackers to gain root privileges by sending a
carefully crafted message.

These packages also fix a security bug if sendmail is configured to use smrsh.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386
Red Hat Linux 7.0 - i386
Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

Sendmail is a widely used Mail Transport Agent (MTA) which is included
in all Red Hat Linux distributions.

During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8.  A remote attacker can send a carefully crafted email message
which, when processed by sendmail, causes arbitrary code to be
executed as root.

We are advised that a proof-of-concept exploit is known to exist, but
is not believed to be in the wild.

Since this is a message-based vulnerability, MTAs other than Sendmail
may pass on the carefully crafted message.  This means that unpatched
versions of Sendmail inside a network could still be at risk even if
they do not accept external connections directly.

In addition, the restricted shell (SMRSH) in Sendmail  allows attackers to
bypass the intended restrictions of smrsh by inserting additional commands
after "||" sequences or "/" characters, which are not properly filtered or
verified.  A sucessful attack would allow an attacker who has a local
account on a system which has explicitly enabled smrsh to execute arbitrary
binaries as themselves by utilizing their .forward file.

All users are advised to update to these erratum packages.  For Red Hat
Linux 8.0 we have included Sendmail version 8.12.8 which is not vulnerable
to these issues.  For all other distributions we have included a backported
patch which corrects these vulnerabilities.

Red Hat would like to thank Eric Allman for his assistance with this
vulnerability.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS: 
 

i386: 
  
  
 

Red Hat Linux 7.0:

SRPMS: 
 

i386: 
  
  
  
 

Red Hat Linux 7.1:

SRPMS: 
 

i386: 
  
  
  
 

Red Hat Linux 7.2:

SRPMS: 
 

i386: 
  
  
  
 

ia64: 
  
  
  
 

Red Hat Linux 7.3:

SRPMS: 
 

i386: 
  
  
  
 

Red Hat Linux 8.0:

SRPMS: 
 

i386: 
  
  
  
 



6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
35d83351ea84fdae048b3e6f556bfc4a 6.2/en/os/SRPMS/sendmail-8.11.6-1.62.2.src.rpm
71ddff0b307887232ad2b57c6f828dbd 6.2/en/os/i386/sendmail-8.11.6-1.62.2.i386.rpm
3b398feb4f97b05873a864be5d914ee8 6.2/en/os/i386/sendmail-cf-8.11.6-1.62.2.i386.rpm
ba2e0d80e5efc7fe3ba2d55f9caa9cb1 6.2/en/os/i386/sendmail-doc-8.11.6-1.62.2.i386.rpm
e3a9eb220d844e1e3a1bd84ada63c853 7.0/en/os/SRPMS/sendmail-8.11.6-23.70.src.rpm
f3bdb70c4b1d95d10a827db33bf77a46 7.0/en/os/i386/sendmail-8.11.6-23.70.i386.rpm
e7a8c264257e207d18257dfe075a5fd1 7.0/en/os/i386/sendmail-cf-8.11.6-23.70.i386.rpm
c6cf8af32a436d42d0982b99260ce811 7.0/en/os/i386/sendmail-devel-8.11.6-23.70.i386.rpm
ba9251c4ed7fc2916e27c8bc406d7f58 7.0/en/os/i386/sendmail-doc-8.11.6-23.70.i386.rpm
c2eb6d0135dc60e83506f0c20148822c 7.1/en/os/SRPMS/sendmail-8.11.6-23.71.src.rpm
c3a518db2157a56edc5a94f42c32f8db 7.1/en/os/i386/sendmail-8.11.6-23.71.i386.rpm
6cb3a88c447b56f37d0ebba1df4adb23 7.1/en/os/i386/sendmail-cf-8.11.6-23.71.i386.rpm
f2fa0e42d15c723c33c876ea075b4508 7.1/en/os/i386/sendmail-devel-8.11.6-23.71.i386.rpm
2cee572aa2fe1eddb3d22f7ab4d43a20 7.1/en/os/i386/sendmail-doc-8.11.6-23.71.i386.rpm
854ee4390631bdcb818fe6cdc132f7da 7.2/en/os/SRPMS/sendmail-8.11.6-23.72.src.rpm
dbce6be563a5642400d0a8a9e97f88fc 7.2/en/os/i386/sendmail-8.11.6-23.72.i386.rpm
92b8773b155b2cce446645dd55842e87 7.2/en/os/i386/sendmail-cf-8.11.6-23.72.i386.rpm
d810fe7d6a61550e3b0ac3a509d00fed 7.2/en/os/i386/sendmail-devel-8.11.6-23.72.i386.rpm
722780636eb24b8168f8464817e21de4 7.2/en/os/i386/sendmail-doc-8.11.6-23.72.i386.rpm
e83825fb7552ad321cb09ecf86df4a29 7.2/en/os/ia64/sendmail-8.11.6-23.72.ia64.rpm
70e2f72dffad5ec8565dc957f5c0b111 7.2/en/os/ia64/sendmail-cf-8.11.6-23.72.ia64.rpm
8d86d83586e75cbd03f7bccdfb5b97f2 7.2/en/os/ia64/sendmail-devel-8.11.6-23.72.ia64.rpm
16eac17677891e77e8eb70bf76dac135 7.2/en/os/ia64/sendmail-doc-8.11.6-23.72.ia64.rpm
2049d17db0e321ba6028ee4a7ca2ae93 7.3/en/os/SRPMS/sendmail-8.11.6-23.73.src.rpm
ce6852e4c389405bed1f498514b5fa0f 7.3/en/os/i386/sendmail-8.11.6-23.73.i386.rpm
f994f26ab50b8141ec27a6b04e819d37 7.3/en/os/i386/sendmail-cf-8.11.6-23.73.i386.rpm
d6da03d08cdd8e9933616c0e66841302 7.3/en/os/i386/sendmail-devel-8.11.6-23.73.i386.rpm
5fb65ba4b8e91d9d87451e2d1400411f 7.3/en/os/i386/sendmail-doc-8.11.6-23.73.i386.rpm
29d277537beb532d6b5f48ad30d81d45 8.0/en/os/SRPMS/sendmail-8.12.8-1.80.src.rpm
8bba0d1400ab2e96e3d3c78ce5015597 8.0/en/os/i386/sendmail-8.12.8-1.80.i386.rpm
55ef5ca9c777278eddd48e365ba471c2 8.0/en/os/i386/sendmail-cf-8.12.8-1.80.i386.rpm
87aecce2ae343a69fe1df716b5e89685 8.0/en/os/i386/sendmail-devel-8.12.8-1.80.i386.rpm
d945b47a44597e5da06f79658e38b9d8 8.0/en/os/i386/sendmail-doc-8.12.8-1.80.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at  About

You can verify each package with the following command:

    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum 


7. References:
 
2003 CERT Advisories 
http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274 
CVE -CVE-2002-1337

8. Contact:

The Red Hat security contact is <security@RedHat.com>.  More contact
details at  All Red Hat products

Copyright 2003 Red Hat, Inc.

RedHat: sendmail Remote vulnerability

Updated Sendmail packages are available to fix a vulnerability thatmay allow remote attackers to gain root privileges by sending acarefully crafted message.

Summary



Summary

Sendmail is a widely used Mail Transport Agent (MTA) which is includedin all Red Hat Linux distributions.During a code audit of Sendmail by ISS, a critical vulnerability wasuncovered that affects unpatched versions of Sendmail prior to version8.12.8. A remote attacker can send a carefully crafted email messagewhich, when processed by sendmail, causes arbitrary code to beexecuted as root.We are advised that a proof-of-concept exploit is known to exist, butis not believed to be in the wild.Since this is a message-based vulnerability, MTAs other than Sendmailmay pass on the carefully crafted message. This means that unpatchedversions of Sendmail inside a network could still be at risk even ifthey do not accept external connections directly.In addition, the restricted shell (SMRSH) in Sendmail allows attackers tobypass the intended restrictions of smrsh by inserting additional commandsafter "||" sequences or "/" characters, which are not properly filtered orverified. A sucessful attack would allow an attacker who has a localaccount on a system which has explicitly enabled smrsh to execute arbitrarybinaries as themselves by utilizing their .forward file.All users are advised to update to these erratum packages. For Red HatLinux 8.0 we have included Sendmail version 8.12.8 which is not vulnerableto these issues. For all other distributions we have included a backportedpatch which corrects these vulnerabilities.Red Hat would like to thank Eric Allman for his assistance with thisvulnerability.


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. RPMs required:
Red Hat Linux 6.2:
SRPMS:

i386:



Red Hat Linux 7.0:
SRPMS:

i386:




Red Hat Linux 7.1:
SRPMS:

i386:




Red Hat Linux 7.2:
SRPMS:

i386:




ia64:




Red Hat Linux 7.3:
SRPMS:

i386:




Red Hat Linux 8.0:
SRPMS:

i386:






6. Verification:
MD5 sum Package Name 35d83351ea84fdae048b3e6f556bfc4a 6.2/en/os/SRPMS/sendmail-8.11.6-1.62.2.src.rpm 71ddff0b307887232ad2b57c6f828dbd 6.2/en/os/i386/sendmail-8.11.6-1.62.2.i386.rpm 3b398feb4f97b05873a864be5d914ee8 6.2/en/os/i386/sendmail-cf-8.11.6-1.62.2.i386.rpm ba2e0d80e5efc7fe3ba2d55f9caa9cb1 6.2/en/os/i386/sendmail-doc-8.11.6-1.62.2.i386.rpm e3a9eb220d844e1e3a1bd84ada63c853 7.0/en/os/SRPMS/sendmail-8.11.6-23.70.src.rpm f3bdb70c4b1d95d10a827db33bf77a46 7.0/en/os/i386/sendmail-8.11.6-23.70.i386.rpm e7a8c264257e207d18257dfe075a5fd1 7.0/en/os/i386/sendmail-cf-8.11.6-23.70.i386.rpm c6cf8af32a436d42d0982b99260ce811 7.0/en/os/i386/sendmail-devel-8.11.6-23.70.i386.rpm ba9251c4ed7fc2916e27c8bc406d7f58 7.0/en/os/i386/sendmail-doc-8.11.6-23.70.i386.rpm c2eb6d0135dc60e83506f0c20148822c 7.1/en/os/SRPMS/sendmail-8.11.6-23.71.src.rpm c3a518db2157a56edc5a94f42c32f8db 7.1/en/os/i386/sendmail-8.11.6-23.71.i386.rpm 6cb3a88c447b56f37d0ebba1df4adb23 7.1/en/os/i386/sendmail-cf-8.11.6-23.71.i386.rpm f2fa0e42d15c723c33c876ea075b4508 7.1/en/os/i386/sendmail-devel-8.11.6-23.71.i386.rpm 2cee572aa2fe1eddb3d22f7ab4d43a20 7.1/en/os/i386/sendmail-doc-8.11.6-23.71.i386.rpm 854ee4390631bdcb818fe6cdc132f7da 7.2/en/os/SRPMS/sendmail-8.11.6-23.72.src.rpm dbce6be563a5642400d0a8a9e97f88fc 7.2/en/os/i386/sendmail-8.11.6-23.72.i386.rpm 92b8773b155b2cce446645dd55842e87 7.2/en/os/i386/sendmail-cf-8.11.6-23.72.i386.rpm d810fe7d6a61550e3b0ac3a509d00fed 7.2/en/os/i386/sendmail-devel-8.11.6-23.72.i386.rpm 722780636eb24b8168f8464817e21de4 7.2/en/os/i386/sendmail-doc-8.11.6-23.72.i386.rpm e83825fb7552ad321cb09ecf86df4a29 7.2/en/os/ia64/sendmail-8.11.6-23.72.ia64.rpm 70e2f72dffad5ec8565dc957f5c0b111 7.2/en/os/ia64/sendmail-cf-8.11.6-23.72.ia64.rpm 8d86d83586e75cbd03f7bccdfb5b97f2 7.2/en/os/ia64/sendmail-devel-8.11.6-23.72.ia64.rpm 16eac17677891e77e8eb70bf76dac135 7.2/en/os/ia64/sendmail-doc-8.11.6-23.72.ia64.rpm 2049d17db0e321ba6028ee4a7ca2ae93 7.3/en/os/SRPMS/sendmail-8.11.6-23.73.src.rpm ce6852e4c389405bed1f498514b5fa0f 7.3/en/os/i386/sendmail-8.11.6-23.73.i386.rpm f994f26ab50b8141ec27a6b04e819d37 7.3/en/os/i386/sendmail-cf-8.11.6-23.73.i386.rpm d6da03d08cdd8e9933616c0e66841302 7.3/en/os/i386/sendmail-devel-8.11.6-23.73.i386.rpm 5fb65ba4b8e91d9d87451e2d1400411f 7.3/en/os/i386/sendmail-doc-8.11.6-23.73.i386.rpm 29d277537beb532d6b5f48ad30d81d45 8.0/en/os/SRPMS/sendmail-8.12.8-1.80.src.rpm 8bba0d1400ab2e96e3d3c78ce5015597 8.0/en/os/i386/sendmail-8.12.8-1.80.i386.rpm 55ef5ca9c777278eddd48e365ba471c2 8.0/en/os/i386/sendmail-cf-8.12.8-1.80.i386.rpm 87aecce2ae343a69fe1df716b5e89685 8.0/en/os/i386/sendmail-devel-8.12.8-1.80.i386.rpm d945b47a44597e5da06f79658e38b9d8 8.0/en/os/i386/sendmail-doc-8.12.8-1.80.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at About
You can verify each package with the following command:
rpm --checksig -v
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
md5sum

References

2003 CERT Advisories http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274 CVE -CVE-2002-1337

Package List


Severity
Advisory ID: RHSA-2003:073-06
Issued Date: : 2003-02-07
Updated on: 2003-03-03
Product: Red Hat Linux
Keywords: sendmail smrsh security bug
Cross references:
Obsoletes: RHSA-2002:106
CVE Names: CAN-2002-1337

Topic


Topic

Updated Sendmail packages are available to fix a vulnerability that

may allow remote attackers to gain root privileges by sending a

carefully crafted message.

These packages also fix a security bug if sendmail is configured to use smrsh.


 

Relevant Releases Architectures

Red Hat Linux 6.2 - i386

Red Hat Linux 7.0 - i386

Red Hat Linux 7.1 - i386

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Red Hat Linux 8.0 - i386


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved