Updated Sendmail packages are available for Red Hat Linux on IBM iSeries
and pSeries systems to fix a vulnerability that allows local and possibly
remote attackers to gain root privileges as well as a vulnerability that
may allow remote attackers to gain root privileges by sending a
carefully crafted message.
These packages additionally fix a security bug if sendmail is configured to
use smrsh.
Sendmail is a widely used Mail Transport Agent (MTA).
A vulnerability exists in unpatched Sendmail versions prior to and
including 8.12.8. The address parser performs insufficient bounds checking
in certain conditions due to a char to int conversion, making it possible
for an attacker to take control of the application. This issue is probably
locally exploitable and may also be remotely exploitable. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0161 to this issue.
During a code audit of Sendmail by ISS, a critical vulnerability was
uncovered that affects unpatched versions of Sendmail prior to version
8.12.8. A remote attacker can send a carefully crafted email message
which, when processed by Sendmail, causes arbitrary code to be
executed as root. A proof-of-concept exploit is reported to exist, but is
not believed to be publicly available.
Since this vulnerability is message-based, MTAs other than Sendmail
may pass on the carefully crafted message. This means that unpatched
versions of Sendmail inside a network could still be at risk even if
they do not accept external connections directly. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-1337 to this issue.
In addition, the restricted shell (SMRSH) in Sendmail allows attackers to
bypass the intended restrictions of smrsh by inserting additional commands
after "||" sequences or "/" characters, which are not properly filtered or
verified. A successful attack would allow an attacker who has a local
account on a system which has explicitly enabled smrsh to execute arbitrary
binaries as themselves by utilizing their .forward file. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2002-1165 to this issue.
All users are advised to update to these erratum packages containing
backported patches which correct these vulnerabilities.
| Red Hat Linux 7.1 for iSeries |
|
| SRPMS: |
ftp://updates.redhat.com/7.1/en/os/iSeries/SRPMS/sendmail-8.11.6-25.71.src.rpm
Missing file |
835ddd29ba9d926cc74b154582d27bc6 |
| |
| iSeries: |
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/sendmail-8.11.6-25.71.ppc.rpm
Missing file |
114ed70e81883989b1eb276ccd177611 |
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/sendmail-cf-8.11.6-25.71.ppc.rpm
Missing file |
fa2d139ab2e5f7f5086bb9fdcbfb8712 |
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/sendmail-devel-8.11.6-25.71.ppc.rpm
Missing file |
37fa2f14df50a4f5e96a6845bbbb6e88 |
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/sendmail-doc-8.11.6-25.71.ppc.rpm
Missing file |
778fdb00c2c5425b6fd49fdb041e1c53 |
| |
| Red Hat Linux 7.1 for pSeries |
|
| SRPMS: |
ftp://updates.redhat.com/7.1/en/os/pSeries/SRPMS/sendmail-8.11.6-25.71.src.rpm
Missing file |
835ddd29ba9d926cc74b154582d27bc6 |
| |
| pSeries: |
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/sendmail-8.11.6-25.71.ppc.rpm
Missing file |
114ed70e81883989b1eb276ccd177611 |
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/sendmail-cf-8.11.6-25.71.ppc.rpm
Missing file |
fa2d139ab2e5f7f5086bb9fdcbfb8712 |
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/sendmail-devel-8.11.6-25.71.ppc.rpm
Missing file |
37fa2f14df50a4f5e96a6845bbbb6e88 |
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/sendmail-doc-8.11.6-25.71.ppc.rpm
Missing file |
778fdb00c2c5425b6fd49fdb041e1c53 |
| |
Updated sendmail packages fix vulnerabilities