Security Advisory Updated Sendmail packages fix vulnerability.

Advisory: RHSA-2003:283-09
Type: Security Advisory
Severity: N/A
Issued on: 2003-09-17
Last updated on: 2003-09-17
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0681
CVE-2003-0694

Details

Updated Sendmail packages that fix a potentially-exploitable vulnerability
are now available.

Sendmail is a widely used Mail Transport Agent (MTA) and is included in all
Red Hat Linux distributions.


Michal Zalewski found a bug in the prescan() function of unpatched Sendmail
versions prior to 8.12.10. The sucessful exploitation of this bug can lead
to heap and stack structure overflows. Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0694 to this issue.

Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for a
potential buffer overflow in ruleset parsing. This problem is not
exploitable in the default sendmail configuration; it is exploitable only
if non-standard rulesets recipient (2), final (4), or mailer-specific
envelope recipients rulesets are used. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0681 to
this issue.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Linux 7.1
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm
Missing file		     675b4366f9894a73944ed8f91cea5c7d
 
IA-32:
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
Missing file		     faed73b08e50794290423dd2b8c8bc9f
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm
Missing file		     bf1cc813beded26219d81e7fb0a5cc8b
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
Missing file		     b3658219e5a31c2a788a828b80044581
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
Missing file		     4c47bae883878e661312561bb35fdd1d
 
Red Hat Linux 7.2
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm
Missing file		     0fc61a1454c0c4a06f35105bc2b497f3
 
IA-32:
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
Missing file		     65054b5ca258e62afa68a6cc3439d64f
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm
Missing file		     c4dfd211300fbadd2f7482c80094054b
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
Missing file		     24f6d31f51e7688bc261ffe4ee248280
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
Missing file		     213f9dbe89703c90eb970bf09121adfe
 
IA-64:
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
Missing file		     2fff7128169ae9a3a3cf4e7f3418a64a
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm
Missing file		     2ad3274246e74dad6462ce1d630b0fc9
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
Missing file		     7c4330087840a86ad38e459879211768
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
Missing file		     fae68ef232f32b3736964d2fdcea77de
 
Red Hat Linux 7.3
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm
Missing file		     afa8639444b6fc6b2889d18b34fcdc68
 
IA-32:
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
Missing file		     9164913aa510c0c241646cf7134f6b4c
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm
Missing file		     5ac5d48dbc80c817d384e1267452ef96
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
Missing file		     df4b107c15fdbfd8c7c97423956831d8
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
Missing file		     370ec17f86d5658b3f7f9adcf0102a69
 
Red Hat Linux 8.0
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm
Missing file		     368c156b23b89d1a0d7eb1cecb3011e2
 
IA-32:
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
Missing file		     fbecae564b08ab535f846b089c8ca3a9
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm
Missing file		     da5ede78cf6da018537a741bd4f1df70
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
Missing file		     66fdacc34440831977a571dfb6540e58
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
Missing file		     6afa3f6f6e79e4fbda7c5026cea277c7
 
Red Hat Linux 9
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm
Missing file		     870a1c9b2cf0e161ae7d0e78d0c080f4
 
IA-32:
ftp://updates.redhat.com/9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
Missing file		     2d2d9df08fa8084ceafb832d454ad543
ftp://updates.redhat.com/9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm
Missing file		     c44250016b8b353a1985fa4510a50327
ftp://updates.redhat.com/9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
Missing file		     98dadb898089fc7952790f38cbe71f96
ftp://updates.redhat.com/9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm
Missing file		     bc6dadfb2f68215c09b876972f5c74b5
 

Bugs fixed (see bugzilla for more information)

104563 - CAN-2003-0694 Sendmail possible remote exploit


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694
http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2
http://www.sendmail.org/8.12.10.html

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/