There is a vulnerability in sendmail that can be exploited
to cause a denial-of-service condition and could allow a
remote attacker to execute arbitrary code with the privileges
of the sendmail daemon, typically root.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0161 to this issue.
CERT Advisory CA-2003-25
The prescan function in Sendmail 8.12.9 allows remote attackers
to execute arbitrary code via buffer overflow attacks, as
demonstrated using the parseaddr function in parseaddr.c.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0694 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 Sendmail distribution
OpenServer 5.0.7 Sendmail distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 First install OSS646B or later - Execution Environment Supplement
The fixes are also available in SCO OpenServer Release 5.0.7
Maintenance Pack 3 or later. See
http://www.sco.com/support/update/download/osr507list.html.
Specific references for this advisory:
http://www.cert.org/advisories/CA-2003-12.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161
http://www.kb.cert.org/vuls/id/897604
http://www.cert.org/advisories/CA-2003-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
http://www.kb.cert.org/vuls/id/784980
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
Michal Zalewski <lcamtuf (at) ghettot (dot) org [email concealed]> discovered and
researched these issues. Thanks to Eric Allman, Claus
Assmann, Greg Shapiro, and Dave Anderson of Sendmail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
______
SCO Security Advisory
Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail
Advisory number: SCOSA-2004.11
Issue date: 2004 July 28
Cross reference: sr876461 fz527630 erg712277 CAN-2003-0161 CA-2003-12
sr884730 fz528323 erg712435 CAN-2003-0694 CA-2003-25
________________________________________________________________________
______
1. Problem Description
CERT Advisory CA-2003-12
There is a vulnerability in sendmail that can be exploited
to cause a denial-of-service condition and could allow a
remote attacker to execute arbitrary code with the privileges
of the sendmail daemon, typically root.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0161 to this issue.
CERT Advisory CA-2003-25
The prescan function in Sendmail 8.12.9 allows remote attackers
to execute arbitrary code via buffer overflow attacks, as
demonstrated using the parseaddr function in parseaddr.c.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0694 to this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 Sendmail distribution
OpenServer 5.0.7 Sendmail distribution
3. Solution
The proper solution is to install the latest packages.
4. OpenServer 5.0.6
4.1 First install OSS646B or later - Execution Environment Supplement
ftp://ftp.sco.com/pub/openserver5/oss646b
4.2 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11
4.3 Verification
MD5 (VOL.000.000) = ff18b1666956ea57c9d54008c6ee9444
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.4 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of
the images.
5. OpenServer 5.0.7
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11
The fixes are also available in SCO OpenServer Release 5.0.7
Maintenance Pack 3 or later. See
http://www.sco.com/support/update/download/osr507list.html.
5.2 Verification
MD5 (VOL.000.000) = ff18b1666956ea57c9d54008c6ee9444
MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1) Download the VOL* files to a directory
2) Run the custom command, specify an install from media
images, and specify the directory as the location of
the images.
Or see the Maintenance Pack 3 Release and Installation Notes at
ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt
6. References
Specific references for this advisory:
http://www.cert.org/advisories/CA-2003-12.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161
http://www.kb.cert.org/vuls/id/897604
http://www.cert.org/advisories/CA-2003-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
http://www.kb.cert.org/vuls/id/784980
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents sr876461 fz527630
erg712277 sr884730 fz528323 erg712435.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
8. Acknowledgments
Michal Zalewski <lcamtuf (at) ghettot (dot) org [email concealed]> discovered and
researched these issues. Thanks to Eric Allman, Claus
Assmann, Greg Shapiro, and Dave Anderson of Sendmail
________________________________________________________________________
______
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SCO/UNIX_SVR5)
iD8DBQFBCAb4aqoBO7ipriERAsquAJ9NFvwPQpQmg0kRMbEnNX1pWrWPGACdGJld
Wbk845/8qKPOvhdchD3oaHQ=
=+V00
-----END PGP SIGNATURE-----
[ reply ]