LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: sendmail-wide remote exploit Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian This advisory is an addendum to DSA-257-1; the sendmail problem discussed there also applies to the sendmail-wide packages.

- ------------------------------------------------------------------------
Debian Security Advisory DSA-257-2                   security@debian.org 
http://www.debian.org/security/                         Wichert Akkerman
March  4, 2003
- ------------------------------------------------------------------------


Package        : sendmail-wide
Problem type   : remote exploit
Debian-specific: no

This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.

Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer when encountering addresses
specially crafted addresses.

This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package
for Debian GNU/Linux 3.0/woody.

- ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb  http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at  http://www.debian.org/security/

- ------------------------------------------------------------------------


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
  this moment updates for the arm architecture are not yet available.


  Source archives:

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.dsc
      Size/MD5 checksum:      541 c93cca69438ee75976517187d4f8d664
     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.tar.gz
      Size/MD5 checksum:  1272761 2905292d7c17de5a1ae31d2ebf5c344c

  alpha architecture (DEC Alpha)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_alpha.deb
      Size/MD5 checksum:   302696 87b2cce86f430f8825439ecab1a405f8

  i386 architecture (Intel ia32)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_i386.deb
      Size/MD5 checksum:   217618 7da2aeb124ff0da6a596b429a64415ab

  m68k architecture (Motorola Mc680x0)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_m68k.deb
      Size/MD5 checksum:   202468 f66310eab0cca7ba0dcc6f55407a6359

  powerpc architecture (PowerPC)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_powerpc.deb
      Size/MD5 checksum:   242646 7887c26fb5b701f56b9f4836e50f152d

  sparc architecture (Sun SPARC/UltraSPARC)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_sparc.deb
      Size/MD5 checksum:   236450 ef7e06fe112024b51a09857da19c7139


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. 


  Source archives:

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.dsc
      Size/MD5 checksum:      738 13e84b5fad4146ae8b09a3c53def1425
     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
      Size/MD5 checksum:  1870451 4c7036e8042bae10a90da4a84a717963
     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.diff.gz
      Size/MD5 checksum:   324768 d97da94eafadfb9c31dd7678fbb39c62

  alpha architecture (DEC Alpha)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_alpha.deb
      Size/MD5 checksum:   440346 481ec19be09824cb2394b990149396db

  arm architecture (ARM)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_arm.deb
      Size/MD5 checksum:   369224 708693168ed3f0268fc9b346d4ffae13

  hppa architecture (HP PA RISC)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_hppa.deb
      Size/MD5 checksum:   413364 9bb9609e2f215e5f42e3c540563fc12e

  i386 architecture (Intel ia32)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_i386.deb
      Size/MD5 checksum:   328606 c76a156b74928a1ba796a3a3b48d7423

  ia64 architecture (Intel ia64)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_ia64.deb
      Size/MD5 checksum:   574706 d1a2522112c46ff60d1cbaefdb49e2d7

  m68k architecture (Motorola Mc680x0)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_m68k.deb
      Size/MD5 checksum:   300600 6688599f9af8d95b174916283b28289b

  mips architecture (MIPS (Big Endian))

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mips.deb
      Size/MD5 checksum:   378150 facb8c33943fa62c88713021a351e79c

  mipsel architecture (MIPS (Little Endian))

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mipsel.deb
      Size/MD5 checksum:   380108 867a14a01572fb747d81932b7106a429

  powerpc architecture (PowerPC)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_powerpc.deb
      Size/MD5 checksum:   362674 5380a764a53eca533a709ad631fba0d8

  s390 architecture (IBM S/390)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_s390.deb
      Size/MD5 checksum:   354562 6a21b7f3ced620789e35df583d6411fd

  sparc architecture (Sun SPARC/UltraSPARC)

     http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_sparc.deb
      Size/MD5 checksum:   355768 36c642bd24104fb94f33a8680af0058b

- -- 
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org> 
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.