-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12) Advisory number: CSSA-2003-016.0 Issue date: 2003 April 03 Cross reference: ______________________________________________________________________________ 1. Problem Description From CERT CA-2003-12: There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm OpenLinux 3.1.1 Workstation prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm OpenLinux 3.1 Server prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm OpenLinux 3.1 Workstation prior to sendmail-8.11.6-14.i386.rpm prior to sendmail-cf-8.11.6-14.i386.rpm prior to sendmail-doc-8.11.6-14.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS 4.2 Packages accdca36710b2807c97d75f918b7a0b8 sendmail-8.11.6-14.i386.rpm 0103e9cf07d8b606214ead49c04611ed sendmail-cf-8.11.6-14.i386.rpm e78e32f2a0a76b4ac0695a9a1c1a0ddd sendmail-doc-8.11.6-14.i386.rpm 4.3 Installation rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS 4.5 Source Packages 101b2fdd563a18c7d8e86e7d0f111294 sendmail-8.11.6-14.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/RPMS 5.2 Packages d0b2a4dd15e53c0ca5c82add1187e914 sendmail-8.11.6-14.i386.rpm da90eb543a25169681025eb777c7fdbd sendmail-cf-8.11.6-14.i386.rpm b818b54c4faf6c4a0ecebc5b5d06f260 sendmail-doc-8.11.6-14.i386.rpm 5.3 Installation rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/SRPMS 5.5 Source Packages b8f82f1b4b8cf71c27133799d1552beb sendmail-8.11.6-14.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS 6.2 Packages 54ce66a6a7eb27b4bee77b9573542cd9 sendmail-8.11.6-14.i386.rpm 4965e3e93468cfebb9a543f8d09e8489 sendmail-cf-8.11.6-14.i386.rpm 2d4ebdfdc6725e03a7a7c7b773fb4cc8 sendmail-doc-8.11.6-14.i386.rpm 6.3 Installation rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS 6.5 Source Packages 40de3bdd9051e16f314441e47cb46f44 sendmail-8.11.6-14.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RPMS 7.2 Packages 8cfbb054ce0c829363a7f47fdef3cccc sendmail-8.11.6-14.i386.rpm 67336fe8d54ff650a7304b2affb61194 sendmail-cf-8.11.6-14.i386.rpm e2ece45c38ae7ab6e68add7372361999 sendmail-doc-8.11.6-14.i386.rpm 7.3 Installation rpm -Fvh sendmail-8.11.6-14.i386.rpm rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SRPMS 7.5 Source Packages c0b8bf532e09bc7e8682ef4f5d7d863a sendmail-8.11.6-14.src.rpm 8. References Specific references for this advisory: http://www.cert.org/advisories/CA-2003-12.html http://www.kb.cert.org/vuls/id/897604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr876462, fz527631, erg712278. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements Michal Zalewski discovered and researched this vulnerability. ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj6MjBYACgkQbluZssSXDTH5agCgrNQKwc6Rii3vktDoNyUKhql7 gXYAoNGid+pLCmqU/3KQTsBhFnVUhE+k =6U1K -----END PGP SIGNATURE-----