From security@sco.com Tue Nov 18 03:10:16 2003 From: security@sco.com To: announce@lists.caldera.com, bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, security-alerts@linuxsecurity.com Date: Mon, 17 Nov 2003 14:16:55 -0800 (PST) Reply-To: please_reply_to_security@sco.com Subject: [Full-Disclosure] OpenLinux: Sendmail prescan remotely exploitable vulnerability To: announce@lists.caldera.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com security-alerts@linuxsecurity.com ______________________________________________________________________________ SCO Security Advisory Subject: OpenLinux: Sendmail prescan remotely exploitable vulnerability Advisory number: CSSA-2003-036.0 Issue date: 2003 November 17 Cross reference: sr884726 fz528319 erg712432 ______________________________________________________________________________ 1. Problem Description There seems to be a remotely exploitable vulnerability affecting Sendmail up to including the latest version, 8.12.9. The problem lies in prescan() function. CAN-2003-0694 The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to sendmail-8.11.6-15.i386.rpm prior to sendmail-cf-8.11.6-15.i386.rpm prior to sendmail-doc-8.11.6-15.i386.rpm OpenLinux 3.1.1 Workstation prior to sendmail-8.11.6-15.i386.rpm prior to sendmail-cf-8.11.6-15.i386.rpm prior to sendmail-doc-8.11.6-15.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/RPMS 4.2 Packages d83fb7296cf6fce2d1af8212bda7dd46 sendmail-8.11.6-15.i386.rpm ac25d7e2a9aaddcce08aad001b6d7241 sendmail-cf-8.11.6-15.i386.rpm 9f7b9c04f75384843ba6b54689236dc2 sendmail-doc-8.11.6-15.i386.rpm 4.3 Installation rpm -Fvh sendmail-8.11.6-15.i386.rpm rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/SRPMS 4.5 Source Packages 8b1dab8855ac4e1a25b336b58dcf1772 sendmail-8.11.6-15.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/RPMS 5.2 Packages 9931dfc45eb2d041278b9552bc9f2043 sendmail-8.11.6-15.i386.rpm 0fa48f065798774025c9359eac9bc293 sendmail-cf-8.11.6-15.i386.rpm 3619371879178cb82292c859a76208c6 sendmail-doc-8.11.6-15.i386.rpm 5.3 Installation rpm -Fvh sendmail-8.11.6-15.i386.rpm rpm -Fvh sendmail-cf-8.11.6-15.i386.rpm rpm -Fvh sendmail-doc-8.11.6-15.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/SRPMS 5.5 Source Packages 960a4ed05febec0d0480114c75d29065 sendmail-8.11.6-15.src.rpm 6. References Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694 SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr884726 fz528319 erg712432. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgements SCO would like to thank Michal Zalewski for reporting this issue. ______________________________________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html