Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Slackware: 'sendmail' input validation vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Team   
Slackware This problem can be exploited by local users to gain rootaccess. It is not exploitable by remote attackers without shell access.

An input validation error in sendmail has been discovered by Cade Cairns of
SecurityFocus.  This problem can be exploited by local users to gain root
access.  It is not exploitable by remote attackers without shell access.
New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1
and 8.0.

Detailed information about this security problem may be found here:

New procmail packages have been prepared as well, based on procmail-3.21.
The ChangeLog notes that these problems were fixed as of procmail-3.20,
but it's not known how serious they really are:
     - SECURITY: don't do unsafe things from signal handlers:
       - ignore TRAP when terminating because of a signal
       - resolve the host and protocol of COMSAT when it is set
       - save the absolute path form of $LASTFOLDER for the comsat
         message when it is set
       - only use the log buffer if it's safe


Updated packages for Slackware 8.0:

Updated packages for Slackware 7.1:


Here are the md5sums for the packages:

Slackware 8.0 packages:
56099f1bce9643e44342711878a7ceb0  ./packages/procmail.tgz
3d03fd648ecf40eed56ff915780fb8ab  ./packages/sendmail.tgz
1a13d98a11d0af853893a640909d8958  ./packages/smailcfg.tgz

Slackware 7.1 packages:
121f13cecaaac0efdc1b510b68e6c147  ./packages/procmail.tgz
7c0e57969057ba72e6b59e26aa39de04  ./packages/sendmail.tgz
9e30e9e07fce4001bbf7f330cb2f9d71  ./packages/smailcfg.tgz


First, kill any existing sendmail processes:

killall -9 sendmail

Then, as root, upgrade the sendmail package with upgradepkg:

upgradepkg sendmail.tgz

Then, restart sendmail:

/usr/sbin/sendmail -bd -q15m

- Slackware Linux Security Team

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.