Debian: sendmail buffer overflow vulnerability

    Date: 04 Apr 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    There is a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 278-1
    http://www.debian.org/security/                             Martin Schulze
    April 4th, 2003                          http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : sendmail
    Vulnerability  : char-to-int conversion
    Problem-Type   : local, maybe remote
    Debian-specific: no
    CVE Id         : CAN-2003-0161
    CERT Id        : VU#897604 CA-2003-12
    
    Michal Zalewski discovered a buffer overflow, triggered by a char to
    int conversion, in the address parsing code in sendmail, a widely used
    powerful, efficient, and scalable mail transport agent.  This problem
    is potentially remotely exploitable.
    
    For the stable distribution (woody) this problem has been
    fixed in version 8.12.3-6.2.
    
    For the stable distribution (woody) this problem has been
    fixed in version 8.9.3-26.
    
    For the unstable distribution (sid) this problem has been
    fixed in version 8.12.9-1.
    
    We recommend that you upgrade your sendmail packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
          Size/MD5 checksum:      649 f11b024ef774130f7918b882a7318c78
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
          Size/MD5 checksum:   143360 2e9868662e4e28e548ed9f6da2982b41
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
          Size/MD5 checksum:  1068290 efedacfbce84a71d1cfb0e617b84596e
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
          Size/MD5 checksum:   989736 a435c32c79785261bd0e7ec921718915
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
          Size/MD5 checksum:   948306 1bdd277a28bd6a6c3c812053d11b1edd
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
          Size/MD5 checksum:   931838 36c569e21502a246dbdfba711b54842e
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
          Size/MD5 checksum:   917632 8ed928ac433a6be8d3144bb435bf1cfd
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
          Size/MD5 checksum:   933820 000557eff8d57fa2e479e8df52348f0b
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
          Size/MD5 checksum:   945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.dsc
          Size/MD5 checksum:      761 9eae4393094b7b163ecdddcd16dad19e
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.diff.gz
          Size/MD5 checksum:   253152 1fcbf7838b267d06a8c6258d3ff56488
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
          Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d
    
      Architecture independent components:
    
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.2_all.deb
          Size/MD5 checksum:   747408 5d83e06ac78cb55eabb9334235ec82ab
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_alpha.deb
          Size/MD5 checksum:   267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_alpha.deb
          Size/MD5 checksum:  1218398 cf5503083ecacd7049171922e2fe15c7
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_arm.deb
          Size/MD5 checksum:   247160 2a01bee8674426bc1a3ef3c40a39e4a1
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_arm.deb
          Size/MD5 checksum:  1066282 2dc41903235f6a88de369807e633f8c9
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_i386.deb
          Size/MD5 checksum:   236942 fb790940bcdfcd6231db136c6d381cb5
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_i386.deb
          Size/MD5 checksum:  1003484 b995fe58b4669c44eb52182dd9418418
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_ia64.deb
          Size/MD5 checksum:   281624 52e26ea36d2368392903adf05d89dd34
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_ia64.deb
          Size/MD5 checksum:  1482096 046c02549910b1a8392ddef7a562e5d9
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_hppa.deb
          Size/MD5 checksum:   261292 004fae2b6c8a12754521a18aa8086587
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_hppa.deb
          Size/MD5 checksum:  1183440 4fdef1c4f769dc00819e0c50baefb542
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_m68k.deb
          Size/MD5 checksum:   230756 eb81cfe3246e10351b018a16e29256cf
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_m68k.deb
          Size/MD5 checksum:   941698 18db8d5f9145f614525bca339b115aac
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mips.deb
          Size/MD5 checksum:   254796 bde3bab2d8ca1cb7703284fb91ef1317
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mips.deb
          Size/MD5 checksum:  1125560 cb304f8b210a750d63596649ba4e7b98
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mipsel.deb
          Size/MD5 checksum:   254492 94d3ac5c26ff850e528c8daa51b725d2
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mipsel.deb
          Size/MD5 checksum:  1126774 d47df658c70fa4f25fd83b1fa28c8a87
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_powerpc.deb
          Size/MD5 checksum:   256894 a3b2e7c0ce91f7d539d9f0494b71a236
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_powerpc.deb
          Size/MD5 checksum:  1073152 afd5d2e123ec40833f6e8b8143a0afbe
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_s390.deb
          Size/MD5 checksum:   242242 a87e4e47fcaacc7d289b8431d5c665d5
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_s390.deb
          Size/MD5 checksum:  1049752 32146f341d640d20afb522b4653e8b75
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_sparc.deb
          Size/MD5 checksum:   244946 d55d99adf61e55a08a0fa91a65ffca67
         http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_sparc.deb
          Size/MD5 checksum:  1069378 0383d42cdb29769f398df70bee7ea8b5
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/
    
    
    
    