An input validation error in sendmail has been discovered by Cade Cairns of
SecurityFocus.  This problem can be exploited by local users to gain root
access.  It is not exploitable by remote attackers without shell access.
New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1
and 8.0.

Detailed information about this security problem may be found here:
     

New procmail packages have been prepared as well, based on procmail-3.21.
The ChangeLog notes that these problems were fixed as of procmail-3.20,
but it's not known how serious they really are:
     - SECURITY: don't do unsafe things from signal handlers:
       - ignore TRAP when terminating because of a signal
       - resolve the host and protocol of COMSAT when it is set
       - save the absolute path form of $LASTFOLDER for the comsat
         message when it is set
       - only use the log buffer if it's safe


WHERE TO FIND THE NEW PACKAGES:
-------------------------------

Updated packages for Slackware 8.0: 
  
  
 

Updated packages for Slackware 7.1: 
  
  
 


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:

Slackware 8.0 packages:
56099f1bce9643e44342711878a7ceb0  ./packages/procmail.tgz
3d03fd648ecf40eed56ff915780fb8ab  ./packages/sendmail.tgz
1a13d98a11d0af853893a640909d8958  ./packages/smailcfg.tgz

Slackware 7.1 packages:
121f13cecaaac0efdc1b510b68e6c147  ./packages/procmail.tgz
7c0e57969057ba72e6b59e26aa39de04  ./packages/sendmail.tgz
9e30e9e07fce4001bbf7f330cb2f9d71  ./packages/smailcfg.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, kill any existing sendmail processes:

killall -9 sendmail

Then, as root, upgrade the sendmail package with upgradepkg:

upgradepkg sendmail.tgz

Then, restart sendmail:

/usr/sbin/sendmail -bd -q15m



- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: 'sendmail' input validation vulnerability

August 27, 2001
This problem can be exploited by local users to gain rootaccess

Summary

Where Find New Packages

MD5 Signatures

Severity
An input validation error in sendmail has been discovered by Cade Cairns of SecurityFocus. This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access. New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 and 8.0.
Detailed information about this security problem may be found here:
New procmail packages have been prepared as well, based on procmail-3.21. The ChangeLog notes that these problems were fixed as of procmail-3.20, but it's not known how serious they really are: - SECURITY: don't do unsafe things from signal handlers: - ignore TRAP when terminating because of a signal - resolve the host and protocol of COMSAT when it is set - save the absolute path form of $LASTFOLDER for the comsat message when it is set - only use the log buffer if it's safe
WHERE TO FIND THE NEW PACKAGES: -------------------------------
Updated packages for Slackware 8.0:
Updated packages for Slackware 7.1:
MD5 SIGNATURES: ---------------
Here are the md5sums for the packages:
Slackware 8.0 packages: 56099f1bce9643e44342711878a7ceb0 ./packages/procmail.tgz 3d03fd648ecf40eed56ff915780fb8ab ./packages/sendmail.tgz 1a13d98a11d0af853893a640909d8958 ./packages/smailcfg.tgz
Slackware 7.1 packages: 121f13cecaaac0efdc1b510b68e6c147 ./packages/procmail.tgz 7c0e57969057ba72e6b59e26aa39de04 ./packages/sendmail.tgz 9e30e9e07fce4001bbf7f330cb2f9d71 ./packages/smailcfg.tgz
INSTALLATION INSTRUCTIONS: --------------------------
First, kill any existing sendmail processes:
killall -9 sendmail
Then, as root, upgrade the sendmail package with upgradepkg:
upgradepkg sendmail.tgz
Then, restart sendmail:
/usr/sbin/sendmail -bd -q15m
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved