Security Advisory Updated sendmail packages fix vulnerability

Advisory: RHSA-2003:120-07
Type: Security Advisory
Severity: N/A
Issued on: 2003-03-31
Last updated on: 2003-03-31
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0161

Details

Updated Sendmail packages are available to fix a vulnerability that
allows local and possibly remote attackers to gain root privileges.

Sendmail is a widely used Mail Transport Agent (MTA) which is included
in all Red Hat Linux distributions.

There is a vulnerability in Sendmail versions prior to and including
8.12.8. The address parser performs insufficient bounds checking in certain
conditions due to a char to int conversion, making it possible for an
attacker to take control of the application. Although no exploit currently
exists, this issue is probably locally exploitable and may also be remotely
exploitable.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting this
issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/sendmail-8.11.6-1.62.3.src.rpm
Missing file		     25bec1ec6aff40327f051cf5400a55c8
 
IA-32:
ftp://updates.redhat.com/6.2/en/os/i386/sendmail-8.11.6-1.62.3.i386.rpm
Missing file		     98cbc533ab27d4145fca5d0b75697eba
ftp://updates.redhat.com/6.2/en/os/i386/sendmail-cf-8.11.6-1.62.3.i386.rpm
Missing file		     edb796a81e0916d27d768d5ea948762c
ftp://updates.redhat.com/6.2/en/os/i386/sendmail-doc-8.11.6-1.62.3.i386.rpm
Missing file		     d932f3df0f6ff85117b80099ef6018ba
 
Red Hat Linux 7.0
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/sendmail-8.11.6-25.70.src.rpm
Missing file		     2e9c2920c804174aa5b4b36376280a73
 
IA-32:
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-8.11.6-25.70.i386.rpm
Missing file		     8a5d3dbd633a74e85129882ef4cb8949
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-cf-8.11.6-25.70.i386.rpm
Missing file		     95ea041b1f867b375c0b51bbc7747195
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-devel-8.11.6-25.70.i386.rpm
Missing file		     0ee0e855770c75ecbdba88a9fde57ba8
ftp://updates.redhat.com/7.0/en/os/i386/sendmail-doc-8.11.6-25.70.i386.rpm
Missing file		     ade66612e4e8397b58b98b5727e5e2a5
 
Red Hat Linux 7.1
SRPMS:
sendmail-8.11.6-25.71.src.rpm
File outdated by:  RHSA-2003:283		     835ddd29ba9d926cc74b154582d27bc6
 
IA-32:
sendmail-8.11.6-25.71.i386.rpm
File outdated by:  RHSA-2003:283		     0a107e87606aea194828f15091633a64
sendmail-cf-8.11.6-25.71.i386.rpm
File outdated by:  RHSA-2003:283		     d66b2716ea71021875e17f63c54753c1
sendmail-devel-8.11.6-25.71.i386.rpm
File outdated by:  RHSA-2003:283		     6b1b8871b4ed4ce67594222864dcf01a
sendmail-doc-8.11.6-25.71.i386.rpm
File outdated by:  RHSA-2003:283		     b78a97ca20b17a25b638fb4a9c958bf3
 
Red Hat Linux 7.2
SRPMS:
sendmail-8.11.6-25.72.src.rpm
File outdated by:  RHSA-2003:283		     8a4b2636b0bba80f4dfb7cab9b6d39b9
 
IA-32:
sendmail-8.11.6-25.72.i386.rpm
File outdated by:  RHSA-2003:283		     c55e36f27f0e871901634f2e569a27c0
sendmail-cf-8.11.6-25.72.i386.rpm
File outdated by:  RHSA-2003:283		     79eaee7161e16721db6de44c5c76e6f9
sendmail-devel-8.11.6-25.72.i386.rpm
File outdated by:  RHSA-2003:283		     d31c0978a188395bb164baa479882256
sendmail-doc-8.11.6-25.72.i386.rpm
File outdated by:  RHSA-2003:283		     5eb4102d16bf2a2b84a20405eed447a3
 
IA-64:
sendmail-8.11.6-25.72.ia64.rpm
File outdated by:  RHSA-2003:283		     42b3b6c89a1c6865490ccd6f972d24ed
sendmail-cf-8.11.6-25.72.ia64.rpm
File outdated by:  RHSA-2003:283		     38c3cec537424d7c558e7697e85ca08c
sendmail-devel-8.11.6-25.72.ia64.rpm
File outdated by:  RHSA-2003:283		     d2ff64efd64c91087f94723716c186fc
sendmail-doc-8.11.6-25.72.ia64.rpm
File outdated by:  RHSA-2003:283		     d07d3544200a58aca31e3e174dc0cfb9
 
Red Hat Linux 7.3
SRPMS:
sendmail-8.11.6-25.73.src.rpm
File outdated by:  RHSA-2003:283		     f3686bceb53446bcdb270a7b5560f2c6
 
IA-32:
sendmail-8.11.6-25.73.i386.rpm
File outdated by:  RHSA-2003:283		     4cfa915e89b4dd70ebe215666bade465
sendmail-cf-8.11.6-25.73.i386.rpm
File outdated by:  RHSA-2003:283		     760a980ca97b16e1f86008346e216bb5
sendmail-devel-8.11.6-25.73.i386.rpm
File outdated by:  RHSA-2003:283		     997c535e8794d4066b3539bd2ecb368e
sendmail-doc-8.11.6-25.73.i386.rpm
File outdated by:  RHSA-2003:283		     3dc5ae59b23a9cb349d722db77ded402
 
Red Hat Linux 8.0
SRPMS:
sendmail-8.12.8-5.80.src.rpm
File outdated by:  RHSA-2003:283		     aed187a50991bb1a20d09796b3f15369
 
IA-32:
sendmail-8.12.8-5.80.i386.rpm
File outdated by:  RHSA-2003:283		     4b437527303dd0794a9e0ebb8eb1aad4
sendmail-cf-8.12.8-5.80.i386.rpm
File outdated by:  RHSA-2003:283		     a3c07f2d84f60a5b04238b5034a12558
sendmail-devel-8.12.8-5.80.i386.rpm
File outdated by:  RHSA-2003:283		     0e17408c933de3cf5b6c448d0b4bb9d6
sendmail-doc-8.12.8-5.80.i386.rpm
File outdated by:  RHSA-2003:283		     ebff02d1f8a60a58fca72b6e556f82b6
 
Red Hat Linux 9
SRPMS:
sendmail-8.12.8-5.90.src.rpm
File outdated by:  RHSA-2003:283		     6890269d1da992a454b6d109d5d47db6
 
IA-32:
sendmail-8.12.8-5.90.i386.rpm
File outdated by:  RHSA-2003:283		     b6e03531852eeb3faddec11cbecbd207
sendmail-cf-8.12.8-5.90.i386.rpm
File outdated by:  RHSA-2003:283		     fcdcbe2bf542773ee00292c42c809b56
sendmail-devel-8.12.8-5.90.i386.rpm
File outdated by:  RHSA-2003:283		     8d8301e9286510343399703049ab7b43
sendmail-doc-8.12.8-5.90.i386.rpm
File outdated by:  RHSA-2003:283		     7b4126ee338184d9053c339433ab02f2
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0161

Keywords

sendmail

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/