Updated sendmail packages fix vulnerabilities

Updated Sendmail packages are available for Red Hat Linux on IBM iSeries
and pSeries systems to fix a vulnerability that allows local and possibly
remote attackers to gain root privileges as well as a vulnerability that
may allow remote attackers to gain root privileges by sending a
carefully crafted message.

These packages additionally fix a security bug if sendmail is configured to
use smrsh.

Sendmail is a widely used Mail Transport Agent (MTA).

A vulnerability exists in unpatched Sendmail versions prior to and
including 8.12.8. The address parser performs insufficient bounds checking
in certain conditions due to a char to int conversion, making it possible
for an attacker to take control of the application. This issue is probably
locally exploitable and may also be remotely exploitable. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0161 to this issue.

During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8. A remote attacker can send a carefully crafted email message
which, when processed by Sendmail, causes arbitrary code to be
executed as root. A proof-of-concept exploit is reported to exist, but is
not believed to be publicly available.

Since this vulnerability is message-based, MTAs other than Sendmail
may pass on the carefully crafted message. This means that unpatched
versions of Sendmail inside a network could still be at risk even if
they do not accept external connections directly. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-1337 to this issue.

In addition, the restricted shell (SMRSH) in Sendmail allows attackers to
bypass the intended restrictions of smrsh by inserting additional commands
after "||" sequences or "/" characters, which are not properly filtered or
verified. A successful attack would allow an attacker who has a local
account on a system which has explicitly enabled smrsh to execute arbitrary
binaries as themselves by utilizing their .forward file. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-1165 to this issue.

All users are advised to update to these erratum packages containing
backported patches which correct these vulnerabilities.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

https://www.redhat.com/security/data/cve/CVE-2002-1165.html
https://www.redhat.com/security/data/cve/CVE-2002-1337.html
https://www.redhat.com/security/data/cve/CVE-2003-0161.html
http://www.cert.org/advisories/CA-2003-07.html
http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274