MDKSA-2003:042-1
- Package name: sendmail
- Date: 2003-04-03
- Advisory ID: MDKSA-2003:042-1
- Affected versions: 9.1 i586, 9.1 i586
Problem description
Michal Zalewski discovered a vulnerability in the address parser of sendmail versions earlier than 8.12.9. Under certain conditions the parser performs insufficient bounds checking because of a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail; it is thought to be remotely exploitable, and is very likely locally exploitable.

Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.

Update: The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.
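The class of bug named in the problem description, a bounds check undermined by a char to int conversion, shown as an added C illustration that is not sendmail's code. `NO_CHAR`, `LIMIT` and the `copy_*` functions are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NO_CHAR (-1)  /* hypothetical "no character pending" sentinel */
#define LIMIT   8     /* logical capacity the bounds check protects */

/* Toy copy loop. dst must be physically larger than the input so the demo
 * never corrupts memory; a return value above LIMIT means a real
 * LIMIT-byte buffer would have been overrun. */
static size_t copy_checked(const unsigned char *src, size_t n,
                           unsigned char *dst, int widen_unsigned)
{
    size_t stored = 0, budget = LIMIT;
    for (size_t i = 0; i < n; i++) {
        /* Weak form widens through signed char: byte 0xFF becomes -1 on
         * two's-complement targets. Fixed form keeps the range 0..255. */
        int c = widen_unsigned ? (int)src[i] : (int)(signed char)src[i];
        if (c != NO_CHAR) {        /* sentinel values skip the accounting */
            if (budget == 0)
                break;             /* the bounds check */
            budget--;
        }
        dst[stored++] = (unsigned char)c;  /* every byte is still stored */
    }
    return stored;
}

size_t copy_signed(const unsigned char *s, size_t n, unsigned char *d)
{ return copy_checked(s, n, d, 0); }

size_t copy_unsigned(const unsigned char *s, size_t n, unsigned char *d)
{ return copy_checked(s, n, d, 1); }

int main(void)
{
    unsigned char in[24], out[64];      /* constructed sample input */
    memset(in, 'A', 4);
    memset(in + 4, 0xFF, sizeof in - 4);
    printf("signed widening stored %zu bytes (limit %d)\n",
           copy_signed(in, sizeof in, out), LIMIT);
    printf("unsigned widening stored %zu bytes (limit %d)\n",
           copy_unsigned(in, sizeof in, out), LIMIT);
    return 0;
}
```

With signed widening the 0xFF bytes collide with the sentinel and bypass the length accounting; widening through `unsigned char` keeps data bytes and the sentinel in disjoint ranges, so the limit holds.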
Updated packages
9.1 i586
65f0061eb655b19d9c07b3531e4563cf ppc/9.1/RPMS/sendmail-8.12.9-1.1mdk.ppc.rpm
e931375678d6c03861db63adaf1b7097 ppc/9.1/RPMS/sendmail-cf-8.12.9-1.1mdk.ppc.rpm
542e40ff731f422ed15217f1d6b3c2f9 ppc/9.1/RPMS/sendmail-devel-8.12.9-1.1mdk.ppc.rpm
1bf1fbe629f0089df4d021f8073b6a06 ppc/9.1/RPMS/sendmail-doc-8.12.9-1.1mdk.ppc.rpm
0188091a674ce41d037dab6a8ed2ebc4 ppc/9.1/SRPMS/sendmail-8.12.9-1.1mdk.src.rpm
9.1 i586
56a6a400378107de3f364f6025e83e41 9.1/RPMS/sendmail-8.12.9-1.1mdk.i586.rpm
49e92bdff42a7e3a8097f5e170699c53 9.1/RPMS/sendmail-cf-8.12.9-1.1mdk.i586.rpm
3f3469f3e47261acb2e3af097e304e8b 9.1/RPMS/sendmail-devel-8.12.9-1.1mdk.i586.rpm
8d4bce67442e8fc4c92a22817ac4ef06 9.1/RPMS/sendmail-doc-8.12.9-1.1mdk.i586.rpm
0188091a674ce41d037dab6a8ed2ebc4 9.1/SRPMS/sendmail-8.12.9-1.1mdk.src.rpm
