Package name: sendmail
Date: 2003-04-03
Advisory ID: MDKSA-2003:042-1
Affected versions: 9.1 i586, 9.1 i586

Problem description

Michal Zalewski discovered a vulnerability in the address parser of sendmail versions earlier than 8.12.9: under certain conditions the parser performs insufficient bounds checking because of a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail; it is thought to be remotely exploitable and is very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.

Update: The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed. This has been fixed, and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.
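The problem description attributes the flaw to a char to int conversion inside a bounds check. The following added example shows that general bug class on a constructed length-prefixed field. It is not sendmail's parser code and not part of the original advisory; `FIELD_MAX`, the field layout and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64  /* constructed limit for this illustration */

/* Flawed check: the length byte is widened from signed char to int.
 * Bytes 0x80..0xFF sign-extend to negative values, so the comparison
 * "len > FIELD_MAX" is false and the check accepts them.
 * Returns 1 if the length is accepted. */
static int length_ok_flawed(const signed char *field)
{
    int len = field[0];            /* byte 0xFF becomes -1 */
    return !(len > FIELD_MAX);     /* only the upper bound is tested */
}

/* Corrected check: widen through unsigned char so the value is 0..255. */
static int length_ok_fixed(const signed char *field)
{
    int len = (unsigned char)field[0];
    return len <= FIELD_MAX;
}

/* Hardened copy: validates the declared length against the limit, the
 * destination size and the bytes actually present in the input.
 * Returns the number of bytes copied, or -1 if the field is rejected. */
static int copy_field(char *dst, size_t dst_size,
                      const signed char *field, size_t field_size)
{
    if (field_size == 0)
        return -1;
    size_t len = (unsigned char)field[0];
    if (len > FIELD_MAX || len >= dst_size || len > field_size - 1)
        return -1;
    memcpy(dst, field + 1, len);
    dst[len] = '\0';
    return (int)len;
}
```

When auditing parsers for this pattern, look for `char` values assigned to `int` (or compared against `int` constants) without an intermediate `unsigned char` cast; `-Wconversion` and `-funsigned-char` builds help surface them.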

Updated packages

9.1 i586

65f0061eb655b19d9c07b3531e4563cf  ppc/9.1/RPMS/sendmail-8.12.9-1.1mdk.ppc.rpm
e931375678d6c03861db63adaf1b7097  ppc/9.1/RPMS/sendmail-cf-8.12.9-1.1mdk.ppc.rpm
542e40ff731f422ed15217f1d6b3c2f9  ppc/9.1/RPMS/sendmail-devel-8.12.9-1.1mdk.ppc.rpm
1bf1fbe629f0089df4d021f8073b6a06  ppc/9.1/RPMS/sendmail-doc-8.12.9-1.1mdk.ppc.rpm
0188091a674ce41d037dab6a8ed2ebc4  ppc/9.1/SRPMS/sendmail-8.12.9-1.1mdk.src.rpm

9.1 i586

56a6a400378107de3f364f6025e83e41  9.1/RPMS/sendmail-8.12.9-1.1mdk.i586.rpm
49e92bdff42a7e3a8097f5e170699c53  9.1/RPMS/sendmail-cf-8.12.9-1.1mdk.i586.rpm
3f3469f3e47261acb2e3af097e304e8b  9.1/RPMS/sendmail-devel-8.12.9-1.1mdk.i586.rpm
8d4bce67442e8fc4c92a22817ac4ef06  9.1/RPMS/sendmail-doc-8.12.9-1.1mdk.i586.rpm
0188091a674ce41d037dab6a8ed2ebc4  9.1/SRPMS/sendmail-8.12.9-1.1mdk.src.rpm

References