Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SCO CSSA-2003-016.0: sendmail buffer overflow

SCO CSSA-2003-016.0: sendmail buffer overflow

by Nikola Strahija on April 4th, 2003 There is a vulnerability in Sendmail that can be exploited to cause a denial of service attack and could allow remote attackers to execute arbitrary code.


______________________________________________________________________________

SCO Security Advisory

Subject: OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12)
Advisory number: CSSA-2003-016.0
Issue date: 2003 April 03
Cross reference:
______________________________________________________________________________


1. Problem Description

From CERT CA-2003-12: There is a vulnerability in sendmail that
can be exploited to cause a denial-of-service condition and
could allow a remote attacker to execute arbitrary code with
the privileges of the sendmail daemon, typically root.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to sendmail-8.11.6-14.i386.rpm
prior to sendmail-cf-8.11.6-14.i386.rpm
prior to sendmail-doc-8.11.6-14.i386.rpm

OpenLinux 3.1.1 Workstation prior to sendmail-8.11.6-14.i386.rpm
prior to sendmail-cf-8.11.6-14.i386.rpm
prior to sendmail-doc-8.11.6-14.i386.rpm

OpenLinux 3.1 Server prior to sendmail-8.11.6-14.i386.rpm
prior to sendmail-cf-8.11.6-14.i386.rpm
prior to sendmail-doc-8.11.6-14.i386.rpm

OpenLinux 3.1 Workstation prior to sendmail-8.11.6-14.i386.rpm
prior to sendmail-cf-8.11.6-14.i386.rpm
prior to sendmail-doc-8.11.6-14.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/RPMS

4.2 Packages

accdca36710b2807c97d75f918b7a0b8 sendmail-8.11.6-14.i386.rpm
0103e9cf07d8b606214ead49c04611ed sendmail-cf-8.11.6-14.i386.rpm
e78e32f2a0a76b4ac0695a9a1c1a0ddd sendmail-doc-8.11.6-14.i386.rpm

4.3 Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-016.0/SRPMS

4.5 Source Packages

101b2fdd563a18c7d8e86e7d0f111294 sendmail-8.11.6-14.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/RPMS

5.2 Packages

d0b2a4dd15e53c0ca5c82add1187e914 sendmail-8.11.6-14.i386.rpm
da90eb543a25169681025eb777c7fdbd sendmail-cf-8.11.6-14.i386.rpm
b818b54c4faf6c4a0ecebc5b5d06f260 sendmail-doc-8.11.6-14.i386.rpm

5.3 Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-016.0/SRPMS

5.5 Source Packages

b8f82f1b4b8cf71c27133799d1552beb sendmail-8.11.6-14.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/RPMS

6.2 Packages

54ce66a6a7eb27b4bee77b9573542cd9 sendmail-8.11.6-14.i386.rpm
4965e3e93468cfebb9a543f8d09e8489 sendmail-cf-8.11.6-14.i386.rpm
2d4ebdfdc6725e03a7a7c7b773fb4cc8 sendmail-doc-8.11.6-14.i386.rpm

6.3 Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-016.0/SRPMS

6.5 Source Packages

40de3bdd9051e16f314441e47cb46f44 sendmail-8.11.6-14.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/RPMS

7.2 Packages

8cfbb054ce0c829363a7f47fdef3cccc sendmail-8.11.6-14.i386.rpm
67336fe8d54ff650a7304b2affb61194 sendmail-cf-8.11.6-14.i386.rpm
e2ece45c38ae7ab6e68add7372361999 sendmail-doc-8.11.6-14.i386.rpm

7.3 Installation

rpm -Fvh sendmail-8.11.6-14.i386.rpm
rpm -Fvh sendmail-cf-8.11.6-14.i386.rpm
rpm -Fvh sendmail-doc-8.11.6-14.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-016.0/SRPMS

7.5 Source Packages

c0b8bf532e09bc7e8682ef4f5d7d863a sendmail-8.11.6-14.src.rpm


8. References

Specific references for this advisory:

http://www.cert.org/advisories/CA-2003-12.html
http://www.kb.cert.org/vuls/id/897604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr876462, fz527631,
erg712278.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

Michal Zalewski discovered and researched
this vulnerability.

______________________________________________________________________________


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »