Linux Security
    Linux Security
    Linux Security

    Debian: sendmail buffer overflow vulnerability

    Date
    2300
    Posted By
    There is a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 278-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                             Martin Schulze
    April 4th, 2003                          https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : sendmail
    Vulnerability  : char-to-int conversion
    Problem-Type   : local, maybe remote
    Debian-specific: no
    CVE Id         : CAN-2003-0161
    CERT Id        : VU#897604 CA-2003-12
    
    Michal Zalewski discovered a buffer overflow, triggered by a char to
    int conversion, in the address parsing code in sendmail, a widely used
    powerful, efficient, and scalable mail transport agent.  This problem
    is potentially remotely exploitable.
    
    For the stable distribution (woody) this problem has been
    fixed in version 8.12.3-6.2.
    
    For the stable distribution (woody) this problem has been
    fixed in version 8.9.3-26.
    
    For the unstable distribution (sid) this problem has been
    fixed in version 8.12.9-1.
    
    We recommend that you upgrade your sendmail packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
          Size/MD5 checksum:      649 f11b024ef774130f7918b882a7318c78
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
          Size/MD5 checksum:   143360 2e9868662e4e28e548ed9f6da2982b41
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
          Size/MD5 checksum:  1068290 efedacfbce84a71d1cfb0e617b84596e
    
      Alpha architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
          Size/MD5 checksum:   989736 a435c32c79785261bd0e7ec921718915
    
      ARM architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
          Size/MD5 checksum:   948306 1bdd277a28bd6a6c3c812053d11b1edd
    
      Intel IA-32 architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
          Size/MD5 checksum:   931838 36c569e21502a246dbdfba711b54842e
    
      Motorola 680x0 architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
          Size/MD5 checksum:   917632 8ed928ac433a6be8d3144bb435bf1cfd
    
      PowerPC architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
          Size/MD5 checksum:   933820 000557eff8d57fa2e479e8df52348f0b
    
      Sun Sparc architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
          Size/MD5 checksum:   945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.dsc
          Size/MD5 checksum:      761 9eae4393094b7b163ecdddcd16dad19e
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.diff.gz
          Size/MD5 checksum:   253152 1fcbf7838b267d06a8c6258d3ff56488
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
          Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d
    
      Architecture independent components:
    
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.2_all.deb
          Size/MD5 checksum:   747408 5d83e06ac78cb55eabb9334235ec82ab
    
      Alpha architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_alpha.deb
          Size/MD5 checksum:   267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_alpha.deb
          Size/MD5 checksum:  1218398 cf5503083ecacd7049171922e2fe15c7
    
      ARM architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_arm.deb
          Size/MD5 checksum:   247160 2a01bee8674426bc1a3ef3c40a39e4a1
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_arm.deb
          Size/MD5 checksum:  1066282 2dc41903235f6a88de369807e633f8c9
    
      Intel IA-32 architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_i386.deb
          Size/MD5 checksum:   236942 fb790940bcdfcd6231db136c6d381cb5
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_i386.deb
          Size/MD5 checksum:  1003484 b995fe58b4669c44eb52182dd9418418
    
      Intel IA-64 architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_ia64.deb
          Size/MD5 checksum:   281624 52e26ea36d2368392903adf05d89dd34
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_ia64.deb
          Size/MD5 checksum:  1482096 046c02549910b1a8392ddef7a562e5d9
    
      HP Precision architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_hppa.deb
          Size/MD5 checksum:   261292 004fae2b6c8a12754521a18aa8086587
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_hppa.deb
          Size/MD5 checksum:  1183440 4fdef1c4f769dc00819e0c50baefb542
    
      Motorola 680x0 architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_m68k.deb
          Size/MD5 checksum:   230756 eb81cfe3246e10351b018a16e29256cf
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_m68k.deb
          Size/MD5 checksum:   941698 18db8d5f9145f614525bca339b115aac
    
      Big endian MIPS architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mips.deb
          Size/MD5 checksum:   254796 bde3bab2d8ca1cb7703284fb91ef1317
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mips.deb
          Size/MD5 checksum:  1125560 cb304f8b210a750d63596649ba4e7b98
    
      Little endian MIPS architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mipsel.deb
          Size/MD5 checksum:   254492 94d3ac5c26ff850e528c8daa51b725d2
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mipsel.deb
          Size/MD5 checksum:  1126774 d47df658c70fa4f25fd83b1fa28c8a87
    
      PowerPC architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_powerpc.deb
          Size/MD5 checksum:   256894 a3b2e7c0ce91f7d539d9f0494b71a236
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_powerpc.deb
          Size/MD5 checksum:  1073152 afd5d2e123ec40833f6e8b8143a0afbe
    
      IBM S/390 architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_s390.deb
          Size/MD5 checksum:   242242 a87e4e47fcaacc7d289b8431d5c665d5
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_s390.deb
          Size/MD5 checksum:  1049752 32146f341d640d20afb522b4653e8b75
    
      Sun Sparc architecture:
    
         https://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_sparc.deb
          Size/MD5 checksum:   244946 d55d99adf61e55a08a0fa91a65ffca67
         https://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_sparc.deb
          Size/MD5 checksum:  1069378 0383d42cdb29769f398df70bee7ea8b5
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  https://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  https://packages.debian.org/
    
    
    
    

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.