Subject: UnixWare 7.1.3 Open UNIX 8.0.0 : Sendmail: buffer overflow in versions 8.12.8 and prior.
Advisory number: CSSA-2003-SCO.23
Issue date: 2003 September 22
Cross reference: sr876458 fz527629 erg712276
________________________________________________________________________
______
1. Problem Description
There is a remotely exploitable vulnerability in sendmail
that could allow an attacker to gain control of a vulnerable
sendmail server.
Due to a variable type conversion problem (char to signed int),
sendmail may not adequately check the length of address tokens.
A specially crafted email message could trigger a stack overflow.
This vulnerability was discovered by Michal Zalewski.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0161 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3
Open UNIX 8.0.0
3. Solution
The proper solution is to install the latest packages.
This security fix closes SCO incidents sr876458 fz527629
erg712276.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thank Michal Zalewski for notifying
Sendmail, Inc., and the Sendmail Consortium.
To: announce (at) lists.sco (dot) com [email concealed] bugtraq (at) securityfocus (dot) com [email concealed] full-disclosure (at) lists (dot) nets [email concealed]y
s.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 : Sendmail: buffer overflow in versions 8.12.8 and prior.
Advisory number: CSSA-2003-SCO.23
Issue date: 2003 September 22
Cross reference: sr876458 fz527629 erg712276
________________________________________________________________________
______
1. Problem Description
There is a remotely exploitable vulnerability in sendmail
that could allow an attacker to gain control of a vulnerable
sendmail server.
Due to a variable type conversion problem (char to signed int),
sendmail may not adequately check the length of address tokens.
A specially crafted email message could trigger a stack overflow.
This vulnerability was discovered by Michal Zalewski.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0161 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3
Open UNIX 8.0.0
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.23
4.2 Verification
MD5 (erg712433.Z) = 67be4523e9286555bc3fbf1a51a6d72c
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Unknown installation method
5. Open UNIX 8.0.0
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.23
5.2 Verification
MD5 (erg712433.Z) = 67be4523e9286555bc3fbf1a51a6d72c
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
Unknown installation method
6. References
Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr876458 fz527629
erg712276.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
SCO would like to thank Michal Zalewski for notifying
Sendmail, Inc., and the Sendmail Consortium.
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/dMdhaqoBO7ipriERAo/cAJ92b72GZEB4R+YKmXjLcxxMEasuwACglEyM
y/ryWP9mlJers+g8/LxpCIg=
=s6gB
-----END PGP SIGNATURE-----
[ reply ]