Skip to navigation

Security Advisory Updated sendmail packages fix critical security issues

Advisory: RHSA-2003:073-06
Type: Security Advisory
Severity: N/A
Issued on: 2003-02-07
Last updated on: 2003-03-12
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
CVEs (cve.mitre.org): CVE-2002-1165
CVE-2002-1337

Details

Updated Sendmail packages are available to fix a vulnerability that
may allow remote attackers to gain root privileges by sending a
carefully crafted message.

These packages also fix a security bug if sendmail is configured to use smrsh.

Sendmail is a widely used Mail Transport Agent (MTA) which is included
in all Red Hat Linux distributions.

During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8. A remote attacker can send a carefully crafted email message
which, when processed by sendmail, causes arbitrary code to be
executed as root.

We are advised that a proof-of-concept exploit is known to exist, but
is not believed to be in the wild.

Since this is a message-based vulnerability, MTAs other than Sendmail
may pass on the carefully crafted message. This means that unpatched
versions of Sendmail inside a network could still be at risk even if
they do not accept external connections directly.

In addition, the restricted shell (SMRSH) in Sendmail allows attackers to
bypass the intended restrictions of smrsh by inserting additional commands
after "||" sequences or "/" characters, which are not properly filtered or
verified. A sucessful attack would allow an attacker who has a local
account on a system which has explicitly enabled smrsh to execute arbitrary
binaries as themselves by utilizing their .forward file.

All users are advised to update to these erratum packages. For Red Hat
Linux 8.0 we have included Sendmail version 8.12.8 which is not vulnerable
to these issues. For all other distributions we have included a backported
patch which corrects these vulnerabilities.

Red Hat would like to thank Eric Allman for his assistance with this
vulnerability.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2

SRPMS:
sendmail-8.11.6-1.62.2.src.rpm
File outdated by:  RHSA-2003:120
    MD5: 35d83351ea84fdae048b3e6f556bfc4a
 
IA-32:
sendmail-8.11.6-1.62.2.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: 71ddff0b307887232ad2b57c6f828dbd
sendmail-cf-8.11.6-1.62.2.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: 3b398feb4f97b05873a864be5d914ee8
sendmail-doc-8.11.6-1.62.2.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: ba2e0d80e5efc7fe3ba2d55f9caa9cb1
 
Red Hat Linux 7.0

SRPMS:
sendmail-8.11.6-23.70.src.rpm
File outdated by:  RHSA-2003:120
    MD5: e3a9eb220d844e1e3a1bd84ada63c853
 
IA-32:
sendmail-8.11.6-23.70.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: f3bdb70c4b1d95d10a827db33bf77a46
sendmail-cf-8.11.6-23.70.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: e7a8c264257e207d18257dfe075a5fd1
sendmail-devel-8.11.6-23.70.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: c6cf8af32a436d42d0982b99260ce811
sendmail-doc-8.11.6-23.70.i386.rpm
File outdated by:  RHSA-2003:120
    MD5: ba9251c4ed7fc2916e27c8bc406d7f58
 
Red Hat Linux 7.1

SRPMS:
sendmail-8.11.6-23.71.src.rpm
File outdated by:  RHSA-2003:283
    MD5: c2eb6d0135dc60e83506f0c20148822c
 
IA-32:
sendmail-8.11.6-23.71.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: c3a518db2157a56edc5a94f42c32f8db
sendmail-cf-8.11.6-23.71.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 6cb3a88c447b56f37d0ebba1df4adb23
sendmail-devel-8.11.6-23.71.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: f2fa0e42d15c723c33c876ea075b4508
sendmail-doc-8.11.6-23.71.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 2cee572aa2fe1eddb3d22f7ab4d43a20
 
Red Hat Linux 7.2

SRPMS:
sendmail-8.11.6-23.72.src.rpm
File outdated by:  RHSA-2003:283
    MD5: 854ee4390631bdcb818fe6cdc132f7da
 
IA-32:
sendmail-8.11.6-23.72.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: dbce6be563a5642400d0a8a9e97f88fc
sendmail-cf-8.11.6-23.72.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 92b8773b155b2cce446645dd55842e87
sendmail-devel-8.11.6-23.72.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: d810fe7d6a61550e3b0ac3a509d00fed
sendmail-doc-8.11.6-23.72.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 722780636eb24b8168f8464817e21de4
 
IA-64:
sendmail-8.11.6-23.72.ia64.rpm
File outdated by:  RHSA-2003:283
    MD5: e83825fb7552ad321cb09ecf86df4a29
sendmail-cf-8.11.6-23.72.ia64.rpm
File outdated by:  RHSA-2003:283
    MD5: 70e2f72dffad5ec8565dc957f5c0b111
sendmail-devel-8.11.6-23.72.ia64.rpm
File outdated by:  RHSA-2003:283
    MD5: 8d86d83586e75cbd03f7bccdfb5b97f2
sendmail-doc-8.11.6-23.72.ia64.rpm
File outdated by:  RHSA-2003:283
    MD5: 16eac17677891e77e8eb70bf76dac135
 
Red Hat Linux 7.3

IA-32:
sendmail-8.11.6-23.73.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: ce6852e4c389405bed1f498514b5fa0f
sendmail-cf-8.11.6-23.73.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: f994f26ab50b8141ec27a6b04e819d37
sendmail-devel-8.11.6-23.73.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: d6da03d08cdd8e9933616c0e66841302
sendmail-doc-8.11.6-23.73.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 5fb65ba4b8e91d9d87451e2d1400411f
 
Red Hat Linux 8.0

IA-32:
sendmail-8.12.8-1.80.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 8bba0d1400ab2e96e3d3c78ce5015597
sendmail-cf-8.12.8-1.80.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 55ef5ca9c777278eddd48e365ba471c2
sendmail-devel-8.12.8-1.80.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: 87aecce2ae343a69fe1df716b5e89685
sendmail-doc-8.12.8-1.80.i386.rpm
File outdated by:  RHSA-2003:283
    MD5: d945b47a44597e5da06f79658e38b9d8
 

References


Keywords

bug, security, sendmail, smrsh


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/