Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability

Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability

Solution:
The vendor has released version 8.13.6 to address this issue.

Please see the referenced advisories for more information and fixes.

OpenBSD OpenBSD 3.0

OpenBSD 001_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patc h

IBM AIX 5.1

IBM IY82992
AIX 5.1.0:
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

IBM sendmail_vu834865.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/sendmail_vu834865.tar.Z

HP HP-UX B.11.11

HP PHNE_35484
http://itrc.hp.com

OpenBSD OpenBSD 3.1

OpenBSD 001_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patc h

HP HP-UX B.11.00

HP PHNE_35483
http://itrc.hp.com

OpenBSD OpenBSD 3.5

OpenBSD 001_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patc h

OpenBSD OpenBSD 2.3

OpenBSD 001_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patc h

OpenBSD OpenBSD 2.5

OpenBSD 001_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patc h

FreeBSD FreeBSD 4.8 -PRERELEASE

FreeBSD sendmail.patch
sendmail.patch has been verified to apply to FreeBSD 5.1, 4.8,and 4.7 systems.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch

FreeBSD sendmail.patch.asc
sendmail.patch has been verified to apply to FreeBSD 5.1, 4.8,and 4.7 systems.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch .asc

FreeBSD FreeBSD 4.8

FreeBSD sendmail.patch
sendmail.patch has been verified to apply to FreeBSD 5.1, 4.8,and 4.7 systems.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch

FreeBSD sendmail.patch.asc
sendmail.patch has been verified to apply to FreeBSD 5.1, 4.8,and 4.7 systems.
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch .asc

SCO Unixware 7.1.4

SCO SCOSA-2006.24
UnixWare 7.1.3, 7.14
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24

Sendmail Consortium Sendmail 8.11.2

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Sendmail Consortium Sendmail 8.12 beta5

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Sendmail Consortium Sendmail 8.12.1

Mandriva sendmail-8.12.11-1.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva sendmail-8.12.11-1.1.M20mdk.src.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva sendmail-cf-8.12.11-1.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva sendmail-devel-8.12.11-1.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva sendmail-doc-8.12.11-1.1.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Slackware sendmail-8.13.6-i486-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/s endmail-8.13.6-i486-1.tgz

Slackware sendmail-cf-8.13.6-noarch-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/s endmail-8.13.6-i486-1.tgz

Sendmail Consortium Sendmail 8.12.11

Mandriva sendmail-8.12.11-1.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-8.12.11-1.1.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-8.12.11-1.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-cf-8.12.11-1.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-cf-8.12.11-1.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-devel-8.12.11-1.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-devel-8.12.11-1.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-doc-8.12.11-1.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva sendmail-doc-8.12.11-1.1.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

RedHat sendmail-8.12.11-4.26.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.1 1-4.26.legacy.i386.rpm

RedHat sendmail-cf-8.12.11-4.26.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-cf-8.1 2.11-4.26.legacy.i386.rpm

RedHat sendmail-devel-8.12.11-4.26.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-devel- 8.12.11-4.26.legacy.i386.rpm

RedHat sendmail-doc-8.12.11-4.26.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-doc-8. 12.11-4.26.legacy.i386.rpm

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Slackware sendmail-8.13.6-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ sendmail-8.13.6-i486-1.tgz

Slackware sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ sendmail-8.13.6-i486-1.tgz

Sendmail Consortium Sendmail 8.12.8

RedHat sendmail-8.12.11-4.24.1.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-8.12.1 1-4.24.1.legacy.i386.rpm

RedHat sendmail-cf-8.12.11-4.24.1.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-cf-8.1 2.11-4.24.1.legacy.i386.rpm

RedHat sendmail-devel-8.12.11-4.24.1.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-devel- 8.12.11-4.24.1.legacy.i386.rpm

RedHat sendmail-doc-8.12.11-4.24.1.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-doc-8. 12.11-4.24.1.legacy.i386.rpm

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Slackware sendmail-8.13.6-i386-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/s endmail-8.13.6-i386-1.tgz

Slackware sendmail-cf-8.13.6-noarch-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/s endmail-cf-8.13.6-noarch-1.tgz

Sendmail Consortium Sendmail 8.13.5

RedHat sendmail-8.13.6-0.FC5.1.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-8.13.6-0.FC5.1.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-8.13.6-0.FC5.1.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-cf-8.13.6-0.FC5.1.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-cf-8.13.6-0.FC5.1.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-cf-8.13.6-0.FC5.1.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-debuginfo-8.13.6-0.FC5.1.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-debuginfo-8.13.6-0.FC5.1.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-debuginfo-8.13.6-0.FC5.1.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-devel-8.13.6-0.FC5.1.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-devel-8.13.6-0.FC5.1.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-devel-8.13.6-0.FC5.1.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-doc-8.13.6-0.FC5.1.i386.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-doc-8.13.6-0.FC5.1.ppc.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

RedHat sendmail-doc-8.13.6-0.FC5.1.x86_64.rpm
Fedora Core 5
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Sendmail Consortium Sendmail 8.9.2

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz

Sendmail Consortium Sendmail 8.9.3

Sendmail Consortium Sendmail 8.13.6
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz