SOT Linux Advisory: sendmail

Mar 04, 2003, 20:54

[ Thanks to SOT Linux Security Team for this link. ]

---------------------------------------------------------------------
                   SOT Linux Security Advisory

Subject:           Updated sendmail package for SOT Linux 2002
Advisory ID:       SLSA-2003:11
Date:              Tuesday, March 4, 2003
Product:           SOT Linux 2002
---------------------------------------------------------------------

1. Problem description

A buffer overflow vulnerability was discovered in the Sendmail
Mail Transfer Agent (MTA).

Attackers may remotely exploit this vulnerability to gain "root" or superuser
control of any vulnerable Sendmail server. Sendmail and all other email
servers are typically exposed to the Internet in order to send and receive
Internet email. Vulnerable Sendmail servers will not be protected by legacy
security devices such as firewalls and/or packet filters. This vulnerability
is especially dangerous because the exploit can be delivered within an email
message and the attacker doesn't need any specific knowledge of the target to
launch a successful attack.

SOT Linux 2002 users are advised to update the sendmail package.


2. Updated packages

SOT Linux 2002 Desktop:

i386:
ftp://ftp.sot.com/updates/2002/Desktop/i386/sendmail-8.12.5-3.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2002/Desktop/SRPMS/sendmail-8.12.5-3.src.rpm

SOT Linux 2002 Server:

i386:
ftp://ftp.sot.com/updates/2002/Server/i386/sendmail-8.12.5-3.i386.rpm

SRPMS:
ftp://ftp.sot.com/updates/2002/Server/SRPMS/sendmail-8.12.5-3.src.rpm


3. Upgrading package

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Use up2date to automatically upgrade the fixed packages.

If you want to upgrade manually, download the updated package from
the SOT Linux FTP site (use the links above) or from one of our mirrors.
The list of mirrors can be obtained at www.sot.com/en/linux

Update the package with the following command:
rpm -Uvh <filename>


4. Verification

All packages are PGP signed by SOT for security.

You can verify each package with the following command:
rpm --checksig <filename>

If you wish to verify the integrity of the downloaded package, run
"md5sum <filename>" and compare the output with the data given below.


Package Name                              MD5 sum
---------------------------------------------------------------------
/Desktop/i386/sendmail-8.12.5-3.i386.rpm  2369f754a6fc418986ea9c2de9c643d7
/Desktop/SRPMS/sendmail-8.12.5-3.src.rpm  3720dfd7abe95aecdf1e0a820e8ad324
/Server/i386/sendmail-8.12.5-3.i386.rpm   2369f754a6fc418986ea9c2de9c643d7
/Server/SRPMS/sendmail-8.12.5-3.src.rpm   3720dfd7abe95aecdf1e0a820e8ad324
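
The checks from sections 3 and 4 combined into one script that refuses to upgrade unless both pass, as an added example that is not part of the SOT advisory. The MD5 values are the ones in the table above; the function names and the assumed classic "rpm --checksig" result format ("pkg.rpm: md5 gpg OK") are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded package against
# the advisory's MD5 table and its PGP signature before upgrading.

# Print the MD5 the advisory lists for a package file name; fail if unlisted.
expected_md5() {
    case "$(basename "$1")" in
        sendmail-8.12.5-3.i386.rpm) echo 2369f754a6fc418986ea9c2de9c643d7 ;;
        sendmail-8.12.5-3.src.rpm)  echo 3720dfd7abe95aecdf1e0a820e8ad324 ;;
        *) return 1 ;;
    esac
}

# Succeed only if FILE exists and its MD5 equals EXPECTED.
md5_matches() {
    [ -f "$1" ] || return 1
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Succeed only if a "rpm --checksig" result line reports OK *and* names a
# verified signature. Assumption: classic output such as "pkg.rpm: md5 gpg OK".
# An unsigned package prints only "md5 OK", so it is rejected here even
# though its digest is fine; failures contain "NOT OK".
sig_line_ok() {
    result=" ${1##*: } "            # keep only the part after "file: "
    case "$result" in
        *" NOT OK "*) return 1 ;;
        *" pgp "*"OK "|*" gpg "*"OK ") return 0 ;;
        *) return 1 ;;
    esac
}

# Checksum first, then signature, then upgrade; stop at the first failure.
# The signature check needs SOT's public key in the local keyring.
verify_and_upgrade() {
    want=$(expected_md5 "$1") || { echo "not in advisory: $1" >&2; return 1; }
    md5_matches "$1" "$want"  || { echo "MD5 mismatch: $1" >&2; return 1; }
    sig_line_ok "$(rpm --checksig "$1")" ||
        { echo "bad or missing signature: $1" >&2; return 1; }
    rpm -Uvh "$1"
}

# Usage: sh verify.sh ./sendmail-8.12.5-3.i386.rpm
[ $# -eq 0 ] || verify_and_upgrade "$1"
```

The MD5 comparison only catches a corrupted or substituted download relative to this advisory's table; the signature check is what ties the package to SOT.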

5. References

http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.iss.net/security_center/static/10748.php
http://www.sendmail.org/patchcr.html
http://www.kb.cert.org/vuls/id/398025
http://www.cert.org/advisories/CA-2003-07.html


Copyright(c) 2001-2003 SOT

---------------------------------------------------------------------
You can view other update advisories for SOT Linux 2002 at:
http://www.sot.com/en/linux/sa/
---------------------------------------------------------------------