Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Red Hat: RHSA-2003:283-01 Critical: Sendmail Stack Overflows

red hat
Calendar Grey September 17, 2003
Dist Redhat Esm H88
Debian Linux users can now obtain patches for postfix security issues. Protect your network from possible risks.
Updated Sendmail packages that fix a potentially-exploitable vulnerabilityare now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:



5. Bug IDs fixed ( for more info):

104563 - CAN-2003-0694 Sendmail possible remote exploit

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:


i386:





Red Hat Linux 7.2:

SRPMS:


i386:





ia64:





Red Hat Linux 7.3:

SRPMS:


i386:





Red Hat Linux 8.0:

SRPMS:


i386:





Red Hat Linux 9:

SRPMS:


i386:






7. Verification:

MD5 sum Package Name 675b4366f9894a73944ed8f91cea5c7d 7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm faed73b08e50794290423dd2b8c8bc9f 7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm bf1cc813beded26219d81e7fb0a5cc8b 7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm b3658219e5a31c2a788a828b80044581 7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm 4c47bae883878e661312561bb35fdd1d 7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm 0fc61a1454c0c4a06f35105bc2b497f3 7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm 65054b5ca258e62afa68a6cc3439d64f 7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm c4dfd211300fbadd2f7482c80094054b 7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm 24f6d31f51e7688bc261ffe4ee248280 7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm 213f9dbe89703c90eb970bf09121adfe 7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm 2fff7128169ae9a3a3cf4e7f3418a64a 7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm 2ad3274246e74dad6462ce1d630b0fc9 7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm 7c4330087840a86ad38e459879211768 7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm fae68ef232f32b3736964d2fdcea77de 7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm afa8639444b6fc6b2889d18b34fcdc68 7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm 9164913aa510c0c241646cf7134f6b4c 7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm 5ac5d48dbc80c817d384e1267452ef96 7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm df4b107c15fdbfd8c7c97423956831d8 7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm 370ec17f86d5658b3f7f9adcf0102a69 7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm 368c156b23b89d1a0d7eb1cecb3011e2 8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm fbecae564b08ab535f846b089c8ca3a9 8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm da5ede78cf6da018537a741bd4f1df70 8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm 66fdacc34440831977a571dfb6540e58 8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm 6afa3f6f6e79e4fbda7c5026cea277c7 8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm 870a1c9b2cf0e161ae7d0e78d0c080f4 9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm 2d2d9df08fa8084ceafb832d454ad543 9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm c44250016b8b353a1985fa4510a50327 9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm 98dadb898089fc7952790f38cbe71f96 9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm bc6dadfb2f68215c09b876972f5c74b5 9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm

These packages are GPG signed by Red Hat for security. Our key is available from https://access.redhat.com/security/team/key

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum


Summary

References

http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2 Sendmail Open Source - Open Source Email Server | Proofpoint US CVE -CVE-2003-0694 CVE -CVE-2003-0681

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2003:283-01
Issue date: 2003-09-17
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:265

Topic

Relevant Releases Architectures

Red Hat Linux 7.1 - i386

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Red Hat Linux 8.0 - i386

Red Hat Linux 9 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.