dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Red Hat Linux Advisories: openssh, sendmail

Sep 18, 2003, 02:20 (1 Talkback[s])

Red Hat Security Advisory

Synopsis: Updated OpenSSH packages fix potential vulnerabilities
Advisory ID: RHSA-2003:279-02
Issue date: 2003-09-16
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:222
CVE Names: CAN-2003-0693 CAN-2003-0695 CAN-2003-0682

1. Topic:

Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable.

[Updated 17 Sep 2003]
Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0695 to these additional issues.

We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0682 to these issues.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions.

The OpenSSH team has announced a bug which affects the OpenSSH buffer handling code. This bug has the potential of being remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0693 to this issue.

All users of OpenSSH should immediately apply this update which contains a backported fix for this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/openssh-3.1p1-13.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/openssh-3.1p1-13.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-clients-3.1p1-13.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-server-3.1p1-13.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-3.1p1-13.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/openssh-askpass-gnome-3.1p1-13.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/openssh-3.1p1-14.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/openssh-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-clients-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-server-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-gnome-3.1p1-14.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-3.1p1-14.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-clients-3.1p1-14.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-server-3.1p1-14.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-3.1p1-14.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-14.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/openssh-3.1p1-14.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/openssh-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssh-clients-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssh-server-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssh-askpass-3.1p1-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/openssh-askpass-gnome-3.1p1-14.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/openssh-3.4p1-7.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/openssh-3.4p1-7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssh-clients-3.4p1-7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssh-server-3.4p1-7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssh-askpass-3.4p1-7.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/openssh-askpass-gnome-3.4p1-7.i386.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/openssh-3.5p1-11.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/openssh-3.5p1-11.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssh-clients-3.5p1-11.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssh-server-3.5p1-11.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssh-askpass-3.5p1-11.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/openssh-askpass-gnome-3.5p1-11.i386.rpm

6. Verification:

MD5 sum Package Name


6cb8f6ed9b09b1f3f1f0564b9b1e6b55 7.1/en/os/SRPMS/openssh-3.1p1-13.src.rpm
9fd288589f124600a115c4540b967546 7.1/en/os/i386/openssh-3.1p1-13.i386.rpm
74d1258698990ab13ae3a6654c2ec076 7.1/en/os/i386/openssh-askpass-3.1p1-13.i386.rpm
c451a89e639305fc9b45ebeb22bee53c 7.1/en/os/i386/openssh-askpass-gnome-3.1p1-13.i386.rpm
46db395a09d70a04f78f2f99d7dee598 7.1/en/os/i386/openssh-clients-3.1p1-13.i386.rpm
a90461d8ed836b05db4140bdb334853d 7.1/en/os/i386/openssh-server-3.1p1-13.i386.rpm
2ffa9565705436314cf9b6dedcb30501 7.2/en/os/SRPMS/openssh-3.1p1-14.src.rpm
621313655d8060a0454bd9ea24f2ecc4 7.2/en/os/i386/openssh-3.1p1-14.i386.rpm
14c946af1e46502e65fd2a2e16e720af 7.2/en/os/i386/openssh-askpass-3.1p1-14.i386.rpm
5d21951446986c2c9273b74bc6f24d42 7.2/en/os/i386/openssh-askpass-gnome-3.1p1-14.i386.rpm
e60ebf607207738d0b06a634c872b51e 7.2/en/os/i386/openssh-clients-3.1p1-14.i386.rpm
36f8fcd31f88ddc370fdad1d05ab2faa 7.2/en/os/i386/openssh-server-3.1p1-14.i386.rpm
e05d229d860a745e3deb6919657608e1 7.2/en/os/ia64/openssh-3.1p1-14.ia64.rpm
40052191b71767409de985655a6ef15d 7.2/en/os/ia64/openssh-askpass-3.1p1-14.ia64.rpm
f65ae2b19d3925c561e3f46a655e9933 7.2/en/os/ia64/openssh-askpass-gnome-3.1p1-14.ia64.rpm
1559e98e2067218bc76a31fd92027386 7.2/en/os/ia64/openssh-clients-3.1p1-14.ia64.rpm
b2105a311ac26351368928af2e3573ca 7.2/en/os/ia64/openssh-server-3.1p1-14.ia64.rpm
2ffa9565705436314cf9b6dedcb30501 7.3/en/os/SRPMS/openssh-3.1p1-14.src.rpm
621313655d8060a0454bd9ea24f2ecc4 7.3/en/os/i386/openssh-3.1p1-14.i386.rpm
14c946af1e46502e65fd2a2e16e720af 7.3/en/os/i386/openssh-askpass-3.1p1-14.i386.rpm
5d21951446986c2c9273b74bc6f24d42 7.3/en/os/i386/openssh-askpass-gnome-3.1p1-14.i386.rpm
e60ebf607207738d0b06a634c872b51e 7.3/en/os/i386/openssh-clients-3.1p1-14.i386.rpm
36f8fcd31f88ddc370fdad1d05ab2faa 7.3/en/os/i386/openssh-server-3.1p1-14.i386.rpm
47f4de9e51a25484b1e0cac9f9b4676c 8.0/en/os/SRPMS/openssh-3.4p1-7.src.rpm
422872397649f06ae7953ef00ffcc319 8.0/en/os/i386/openssh-3.4p1-7.i386.rpm
e4f58b8ae54132ef930c6dbe852fa581 8.0/en/os/i386/openssh-askpass-3.4p1-7.i386.rpm
b6ea35700c46e03a4012a7f1dcef5c6d 8.0/en/os/i386/openssh-askpass-gnome-3.4p1-7.i386.rpm
1e4af9a4cfb4e2b13858183758bf7d11 8.0/en/os/i386/openssh-clients-3.4p1-7.i386.rpm
887c34bbbd631b8093c74062bb641120 8.0/en/os/i386/openssh-server-3.4p1-7.i386.rpm
e08da954970897a6617fa1862232afe6 9/en/os/SRPMS/openssh-3.5p1-11.src.rpm
8598eddc12b2f06c34464a24d549d9af 9/en/os/i386/openssh-3.5p1-11.i386.rpm
48b23604aad9ecebb9f55807c562491d 9/en/os/i386/openssh-askpass-3.5p1-11.i386.rpm
e64a662054f7efeb6a0172fdadc26c92 9/en/os/i386/openssh-askpass-gnome-3.5p1-11.i386.rpm
922cf88933eeda965d6ad7534051c17e 9/en/os/i386/openssh-clients-3.5p1-11.i386.rpm
f58b37fc0290039448c450c3eb9630df 9/en/os/i386/openssh-server-3.5p1-11.i386.rpm

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

7. References:

http://www.openssh.com/txt/buffer.adv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682

8. Contact:

The Red Hat security contact is <<A HREF="mailto:secalert@redhat.com">secalert@redhat.com>. More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Updated Sendmail packages fix vulnerability.
Advisory ID: RHSA-2003:283-01
Issue date: 2003-09-17
Updated on: 2003-09-17
Product: Red Hat Linux
Keywords:
Cross references:
Obsoletes: RHSA-2003:265
CVE Names: CAN-2003-0694 CAN-2003-0681

  1. Topic:

Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Linux distributions.

Michal Zalewski found a bug in the prescan() function of unpatched Sendmail versions prior to 8.12.10. The sucessful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0694 to this issue.

Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration; it is exploitable only if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2003-0681 to this issue.

All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

104563 - CAN-2003-0694 Sendmail possible remote exploit

6. RPMs required:

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm

7. Verification:

MD5 sum Package Name


675b4366f9894a73944ed8f91cea5c7d 7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm
faed73b08e50794290423dd2b8c8bc9f 7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
bf1cc813beded26219d81e7fb0a5cc8b 7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm
b3658219e5a31c2a788a828b80044581 7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
4c47bae883878e661312561bb35fdd1d 7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
0fc61a1454c0c4a06f35105bc2b497f3 7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm
65054b5ca258e62afa68a6cc3439d64f 7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
c4dfd211300fbadd2f7482c80094054b 7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm
24f6d31f51e7688bc261ffe4ee248280 7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
213f9dbe89703c90eb970bf09121adfe 7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
2fff7128169ae9a3a3cf4e7f3418a64a 7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
2ad3274246e74dad6462ce1d630b0fc9 7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm
7c4330087840a86ad38e459879211768 7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
fae68ef232f32b3736964d2fdcea77de 7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
afa8639444b6fc6b2889d18b34fcdc68 7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm
9164913aa510c0c241646cf7134f6b4c 7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
5ac5d48dbc80c817d384e1267452ef96 7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm
df4b107c15fdbfd8c7c97423956831d8 7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
370ec17f86d5658b3f7f9adcf0102a69 7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
368c156b23b89d1a0d7eb1cecb3011e2 8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm
fbecae564b08ab535f846b089c8ca3a9 8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
da5ede78cf6da018537a741bd4f1df70 8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm
66fdacc34440831977a571dfb6540e58 8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
6afa3f6f6e79e4fbda7c5026cea277c7 8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
870a1c9b2cf0e161ae7d0e78d0c080f4 9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm
2d2d9df08fa8084ceafb832d454ad543 9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
c44250016b8b353a1985fa4510a50327 9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm
98dadb898089fc7952790f38cbe71f96 9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
bc6dadfb2f68215c09b876972f5c74b5 9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2
http://www.sendmail.org/8.12.10.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0681

9. Contact:

The Red Hat security contact is <<A HREF="mailto:secalert@redhat.com">secalert@redhat.com>. More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.