Paketname
sendmail
Datum
2003-09-17
Advisory ID
MDKSA-2003:092
Betroffene Versionen
9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , 9.1 i586 , 8.2 i586

Problembeschreibung

A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694). Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer- specific envelope recipients rulesets are use. This problem was discovered by Timo Sirainen (CAN-2003-0681). MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems.

Aktualisierte Pakete

9.1 i586

 abf1ad68f3835ce7f2593f935af97c95  9.1/RPMS/sendmail-8.12.9-1.2mdk.i586.rpm
26427faee7bc48e521e370a7957865a7  9.1/RPMS/sendmail-cf-8.12.9-1.2mdk.i586.rpm
a531c3ec3b6807428968254854d863b2  9.1/RPMS/sendmail-devel-8.12.9-1.2mdk.i586.rpm
3e70938f6cb88c69f3a004c96b3ec347  9.1/RPMS/sendmail-doc-8.12.9-1.2mdk.i586.rpm
1d575885387c5130d993d15cdfec56e5  9.1/SRPMS/sendmail-8.12.9-1.2mdk.src.rpm

CS2.1 x86_64

 be2b785589385b663e68eee7333a3e0b  x86_64/corporate/2.1/RPMS/sendmail-8.12.6-3.5mdk.x86_64.rpm
cee3ca36ad6b93e4f904fd100ab88232  x86_64/corporate/2.1/RPMS/sendmail-cf-8.12.6-3.5mdk.x86_64.rpm
e85ead3a1faa38e0f75877d376c29e4d  x86_64/corporate/2.1/RPMS/sendmail-devel-8.12.6-3.5mdk.x86_64.rpm
502927ac1e70df157079e8779f919527  x86_64/corporate/2.1/RPMS/sendmail-doc-8.12.6-3.5mdk.x86_64.rpm
e9aa39db8dad6941af1e3a6e8c857cb5  x86_64/corporate/2.1/SRPMS/sendmail-8.12.6-3.5mdk.src.rpm

CS2.1 i586

 7870e3e3f35647266197194e933f5ed7  corporate/2.1/RPMS/sendmail-8.12.6-3.5mdk.i586.rpm
3df2666ba0c7eef233a0060d799d86c4  corporate/2.1/RPMS/sendmail-cf-8.12.6-3.5mdk.i586.rpm
e09d65fa52f14038643602d9c41ea72b  corporate/2.1/RPMS/sendmail-devel-8.12.6-3.5mdk.i586.rpm
6c580bbbc7212e13b2a27de1e727254d  corporate/2.1/RPMS/sendmail-doc-8.12.6-3.5mdk.i586.rpm
e9aa39db8dad6941af1e3a6e8c857cb5  corporate/2.1/SRPMS/sendmail-8.12.6-3.5mdk.src.rpm

9.0 i586

 7870e3e3f35647266197194e933f5ed7  9.0/RPMS/sendmail-8.12.6-3.5mdk.i586.rpm
3df2666ba0c7eef233a0060d799d86c4  9.0/RPMS/sendmail-cf-8.12.6-3.5mdk.i586.rpm
e09d65fa52f14038643602d9c41ea72b  9.0/RPMS/sendmail-devel-8.12.6-3.5mdk.i586.rpm
6c580bbbc7212e13b2a27de1e727254d  9.0/RPMS/sendmail-doc-8.12.6-3.5mdk.i586.rpm
e9aa39db8dad6941af1e3a6e8c857cb5  9.0/SRPMS/sendmail-8.12.6-3.5mdk.src.rpm

8.2 i586

 87a2d830b724bc67640ea4e267a60517  8.2/RPMS/sendmail-8.12.1-4.5mdk.i586.rpm
b21c82a3f1b554aecd5227ab7269aea4  8.2/RPMS/sendmail-cf-8.12.1-4.5mdk.i586.rpm
aed850225f1902657b02010a703d744c  8.2/RPMS/sendmail-devel-8.12.1-4.5mdk.i586.rpm
aca8d9015390056de17b16db3fecc3e4  8.2/RPMS/sendmail-doc-8.12.1-4.5mdk.i586.rpm
b0a8f5bbc575c2fc8b0dcaf2af00cbba  8.2/SRPMS/sendmail-8.12.1-4.5mdk.src.rpm

9.1 i586

 ff80af8ecc2af755689271c495cffed2  ppc/9.1/RPMS/sendmail-8.12.9-1.2mdk.ppc.rpm
d29850a5cd7322d7d908a2c7299133ea  ppc/9.1/RPMS/sendmail-cf-8.12.9-1.2mdk.ppc.rpm
503d3aae07c0b8f707fd0f6187990dbd  ppc/9.1/RPMS/sendmail-devel-8.12.9-1.2mdk.ppc.rpm
10c1cb226d1e991eed8f974d1b62dc33  ppc/9.1/RPMS/sendmail-doc-8.12.9-1.2mdk.ppc.rpm
1d575885387c5130d993d15cdfec56e5  ppc/9.1/SRPMS/sendmail-8.12.9-1.2mdk.src.rpm

8.2 i586

 993a8769ba667651e4319c27c9e82b7e  ppc/8.2/RPMS/sendmail-8.12.1-4.5mdk.ppc.rpm
6c9e501287a7eccec51b10dce7c6e6fb  ppc/8.2/RPMS/sendmail-cf-8.12.1-4.5mdk.ppc.rpm
e8d204f807ee1ea4a364fb4afdc24439  ppc/8.2/RPMS/sendmail-devel-8.12.1-4.5mdk.ppc.rpm
cb695b306b372a540e363006adfc5f54  ppc/8.2/RPMS/sendmail-doc-8.12.1-4.5mdk.ppc.rpm
b0a8f5bbc575c2fc8b0dcaf2af00cbba  ppc/8.2/SRPMS/sendmail-8.12.1-4.5mdk.src.rpm

Referenzen