[cobalt-users] New Exploit for Sendmail
- Subject: [cobalt-users] New Exploit for Sendmail
- From: "EDK" <ekagan@xxxxxxxxxxx>
- Date: Mon Mar 3 13:15:01 2003
- Organization: Rcsplus.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
This just came across... what has been everyone's past experience using the
Sendmail patches on the Raq3 & Raq4 vs. waiting for Cobalt / Sun to release
a patch (if at all?)
CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Original release date: March 3, 2003
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Sendmail Pro (all versions)
* Sendmail Switch 2.1 prior to 2.1.5
* Sendmail Switch 2.2 prior to 2.2.5
* Sendmail Switch 3.0 prior to 3.0.3
* Sendmail for NT 2.X prior to 2.6.2
* Sendmail for NT 3.0 prior to 3.0.3
* Systems running open-source sendmail versions prior to 8.12.8,
including UNIX and Linux systems
Overview
There is a vulnerability in sendmail that may allow remote attackers
to gain the privileges of the sendmail daemon, typically root.
The CERT/CC is tracking this issue as VU#398025. This reference number
corresponds to CVE candidate CAN-2002-1337.
For more information, please see
http://www.sendmail.org
http://www.sendmail.org/8.12.8.html
http://www.sendmail.com/security/
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.kb.cert.org/vuls/id/398025
III. Solution
Apply a patch from Sendmail
Sendmail has produced patches for versions 8.9, 8.10, 8.11, and 8.12.
However, the vulnerability also exists in earlier versions of the
code; therefore, site administrators using an earlier version are
encouraged to upgrade to 8.12.8. These patches are located at
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.security.cr.patch
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.security.cr.patch
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.3.security.cr.patch
Apply a patch from your vendor
Many vendors include vulnerable sendmail servers as part of their
software distributions. We have notified vendors of this vulnerability
and recorded their responses in the systems affected section of
VU#398025. Several vendors have provided a statement for direct
inclusion in this advisory; these statements are available in Appendix
A.
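To decide whether a given box sits inside the advisory's affected ranges before choosing between the sendmail.org patch and a vendor patch, here is an added Python check; it is not part of the advisory or the original post. It parses the "Version x.y.z" line that `sendmail -d0.1` prints and compares it against the thresholds listed above; the banner text is a constructed sample and the product labels ("sendmail", "switch", "nt", "pro") are my own.

```python
import re

# Fixed versions transcribed from the advisory's "Systems Affected" list.
# Key: (product label, version branch the threshold applies to; "" = all).
FIXED_IN = {
    ("sendmail", ""):  (8, 12, 8),   # open-source sendmail, all branches
    ("switch", "2.1"): (2, 1, 5),
    ("switch", "2.2"): (2, 2, 5),
    ("switch", "3.0"): (3, 0, 3),
    ("nt", "2"):       (2, 6, 2),
    ("nt", "3.0"):     (3, 0, 3),
}
ALWAYS_AFFECTED = {"pro"}  # Sendmail Pro: all versions

# Constructed sample of 'sendmail -d0.1 -bv root < /dev/null' output.
SAMPLE_BANNER = """Version 8.11.6
 Compiled with: LOG MATCHGECOS MIME7TO8 NETINET NETUNIX SCANF
"""


def parse_version(banner):
    """Return the version as an int tuple from a 'Version x.y.z' line."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)+)", banner)
    if not m:
        raise ValueError("no 'Version x.y.z' line found in banner")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(product, version):
    """True/False if (product, version) is inside/outside the advisory's
    affected ranges; None if the advisory says nothing about that branch.
    Caveat: vendor security patches usually keep the version string, so
    True means 'verify the vendor patch status', not 'proven vulnerable'."""
    if product in ALWAYS_AFFECTED:
        return True
    ver_str = ".".join(str(p) for p in version)
    for (prod, branch), fixed in FIXED_IN.items():
        if prod != product:
            continue
        if branch == "" or ver_str == branch or ver_str.startswith(branch + "."):
            return version < fixed  # tuple comparison, e.g. (8,11,6) < (8,12,8)
    return None


if __name__ == "__main__":
    v = parse_version(SAMPLE_BANNER)
    print("sendmail", ".".join(map(str, v)), "affected:", is_affected("sendmail", v))
```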