SOT Linux Advisory: sendmailAug 29, 2003, 15:58 (0 Talkback[s])
SOT Linux Security Advisory
1. Problem description
Sendmail is a widely used Mail Transport Agent (MTA).
There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root.
Also a bug has been discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker can exploit this issue to crash the instance of Sendmail dealing with the request. We believe that the nature of the bug would make remote exploitation of this issue difficult, if at all possible. The Common Vulnerabilities and Exposures project (cve.mitre.org//) has assigned the name CAN-2003-0688 to this issue.
Sendmail users are advised to update to the packages contained within this erratum which include a backported patch to correct this vulnerability.
2. Updated packages
SOT Linux 2003 Desktop:
SOT Linux 2003 Server:
3. Upgrading package
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Use up2date to automatically upgrade the fixed packages.
If you want to upgrade manually, download the updated package from the SOT Linux FTP site (use the links above) or from one of our mirrors. The list of mirrors can be obtained at www.sot.com/en/linux
Update the package with the following command: rpm -Uvh <filename>
All packages are PGP signed by SOT for security.
You can verify each package with the following command: rpm --checksig <filename>
If you wish to verify the integrity of the downloaded package, run "md5sum <filename>" and compare the output with data given below.
Package Name MD5 sum
Copyright(c) 2001-2003 SOT
0 Talkback[s] (click to add your comment)