- ------------------------------------------------------------------------ Debian Security Advisory DSA-257-2 security@debian.org Debian -- Security Information Wichert Akkerman March 4, 2003 - ------------------------------------------------------------------------ Package : sendmail-wide Problem type : remote exploit Debian-specific: no This advisory is an addendum to DSA-257-1; the sendmail problem discussed there also applies to the sendmail-wide packages. Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail: it could overflow a buffer when encountering addresses specially crafted addresses. This has been fixed in version 8.9.3+3.2W-24 of the package for Debian GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package for Debian GNU/Linux 3.0/woody. - ------------------------------------------------------------------------ Obtaining updates: By hand: wget URL will fetch the file for you. dpkg -i FILENAME.deb will install the fetched file. With apt: deb Debian -- Security Information stable/updates main added to /etc/apt/sources.list will provide security updates Additional information can be found on the Debian security webpages at Debian -- Security Information - ------------------------------------------------------------------------ Debian GNU/Linux 2.2 alias potato - --------------------------------- Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At this moment updates for the arm architecture are not yet available. Source archives: Size/MD5 checksum: 541 c93cca69438ee75976517187d4f8d664 Size/MD5 checksum: 1272761 2905292d7c17de5a1ae31d2ebf5c344c alpha architecture (DEC Alpha) Size/MD5 checksum: 302696 87b2cce86f430f8825439ecab1a405f8 i386 architecture (Intel ia32) Size/MD5 checksum: 217618 7da2aeb124ff0da6a596b429a64415ab m68k architecture (Motorola Mc680x0) Size/MD5 checksum: 202468 f66310eab0cca7ba0dcc6f55407a6359 powerpc architecture (PowerPC) Size/MD5 checksum: 242646 7887c26fb5b701f56b9f4836e50f152d sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 236450 ef7e06fe112024b51a09857da19c7139 Debian GNU/Linux 3.0 alias woody - -------------------------------- Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 738 13e84b5fad4146ae8b09a3c53def1425 Size/MD5 checksum: 1870451 4c7036e8042bae10a90da4a84a717963 Size/MD5 checksum: 324768 d97da94eafadfb9c31dd7678fbb39c62 alpha architecture (DEC Alpha) Size/MD5 checksum: 440346 481ec19be09824cb2394b990149396db arm architecture (ARM) Size/MD5 checksum: 369224 708693168ed3f0268fc9b346d4ffae13 hppa architecture (HP PA RISC) Size/MD5 checksum: 413364 9bb9609e2f215e5f42e3c540563fc12e i386 architecture (Intel ia32) Size/MD5 checksum: 328606 c76a156b74928a1ba796a3a3b48d7423 ia64 architecture (Intel ia64) Size/MD5 checksum: 574706 d1a2522112c46ff60d1cbaefdb49e2d7 m68k architecture (Motorola Mc680x0) Size/MD5 checksum: 300600 6688599f9af8d95b174916283b28289b mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 378150 facb8c33943fa62c88713021a351e79c mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 380108 867a14a01572fb747d81932b7106a429 powerpc architecture (PowerPC) Size/MD5 checksum: 362674 5380a764a53eca533a709ad631fba0d8 s390 architecture (IBM S/390) Size/MD5 checksum: 354562 6a21b7f3ced620789e35df583d6411fd sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 355768 36c642bd24104fb94f33a8680af0058b - -- - ---------------------------------------------------------------------------- Debian Security team <team@security.debian.org> Debian -- Security Information Mailing-List: debian-security-announce@lists.debian.org
Debian: sendmail-wide remote exploit
March 5, 2003
This advisory is an addendum to DSA-257-1; the sendmail problem discussed there also applies to the sendmail-wide packages.
Summary
Package : sendmail-wide
Problem type : remote exploit
Debian-specific: no
This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.
Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer when encountering addresses
specially crafted addresses.
This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package
for Debian GNU/Linux 3.0/woody.
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at Debian -- Security Information
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
this moment updates for the arm architecture are not yet available.
Source archives:
Size/MD5 checksum: 541 c93cca69438ee75976517187d4f8d664
Size/MD5 checksum: 1272761 2905292d7c17de5a1ae31d2ebf5c344c
alpha architecture (DEC Alpha)
Size/MD5 checksum: 302696 87b2cce86f430f8825439ecab1a405f8
i386 architecture (Intel ia32)
Size/MD5 checksum: 217618 7da2aeb124ff0da6a596b429a64415ab
m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 202468 f66310eab0cca7ba0dcc6f55407a6359
powerpc architecture (PowerPC)
Size/MD5 checksum: 242646 7887c26fb5b701f56b9f4836e50f152d
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 236450 ef7e06fe112024b51a09857da19c7139
Debian GNU/Linux 3.0 alias woody
Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 738 13e84b5fad4146ae8b09a3c53def1425
Size/MD5 checksum: 1870451 4c7036e8042bae10a90da4a84a717963
Size/MD5 checksum: 324768 d97da94eafadfb9c31dd7678fbb39c62
alpha architecture (DEC Alpha)
Size/MD5 checksum: 440346 481ec19be09824cb2394b990149396db
arm architecture (ARM)
Size/MD5 checksum: 369224 708693168ed3f0268fc9b346d4ffae13
hppa architecture (HP PA RISC)
Size/MD5 checksum: 413364 9bb9609e2f215e5f42e3c540563fc12e
i386 architecture (Intel ia32)
Size/MD5 checksum: 328606 c76a156b74928a1ba796a3a3b48d7423
ia64 architecture (Intel ia64)
Size/MD5 checksum: 574706 d1a2522112c46ff60d1cbaefdb49e2d7
m68k architecture (Motorola Mc680x0)
Size/MD5 checksum: 300600 6688599f9af8d95b174916283b28289b
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 378150 facb8c33943fa62c88713021a351e79c
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 380108 867a14a01572fb747d81932b7106a429
powerpc architecture (PowerPC)
Size/MD5 checksum: 362674 5380a764a53eca533a709ad631fba0d8
s390 architecture (IBM S/390)
Size/MD5 checksum: 354562 6a21b7f3ced620789e35df583d6411fd
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 355768 36c642bd24104fb94f33a8680af0058b
- --
Debian Security team <team@security.debian.org>
Debian -- Security Information
Mailing-List: debian-security-announce@lists.debian.org
Severity
News
HOWTOs
About Us
Powered By
