LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: sendmail Buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Slackware The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patchedto fix a security problem. Note that this vulnerablity is NOT the sameone that was announced on March 3rd and requires a new fix.

[slackware-security]  Sendmail buffer overflow fixed (NEW)

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched
to fix a security problem.  Note that this vulnerablity is NOT the same
one that was announced on March 3rd and requires a new fix.

All sites running sendmail should upgrade.

More information on the problem can be found here:
 
http://www.sendmail.org/8.12.9.html

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Sat Mar 29 13:46:36 PST 2003
patches/packages/sendmail-8.12.9-i386-1.tgz:  Upgraded to sendmail-8.12.9.
  From sendmail's RELEASE_NOTES:
    8.12.9/8.12.9   2003/03/29
    SECURITY: Fix a buffer overflow in address parsing due to
              a char to int conversion problem which is potentially
              remotely exploitable.  Problem found by Michal Zalewski.
              Note: an MTA that is not patched might be vulnerable to
              data that it receives from untrusted sources, which
              includes DNS.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.9-noarch-1.tgz:  Updated config files for
  sendmail-8.12.9.
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/sendmail.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/smailcfg.tgz

Updated packages for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.9-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.9-noarch-1.tgz

Updated packages for Slackware 9.0: 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.12.9-i386-1.tgz 
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.12.9-noarch-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.0 packages:
c29c3063313534bee8db13c5afcd1abc  sendmail.tgz
1b3be9b45f0d078e1053b80069538ca7  smailcfg.tgz

Slackware 8.1 packages:
b1b538ae7685ce8a09514b51f8802614  sendmail-8.12.9-i386-1.tgz
628b61a20f4529b514060620e5e601e7  sendmail-cf-8.12.9-noarch-1.tgz

Slackware 9.0 packages:
5f4f92f933961b6e652d294cd76da426  sendmail-8.12.9-i386-1.tgz
45b217e09d5ff2d0e1b7b12a389c86ec  sendmail-cf-8.12.9-noarch-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

First (as root), stop sendmail:

. /etc/rc.d/rc.sendmail stop

Next, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Finally, restart sendmail:

. /etc/rc.d/rc.sendmail start



+-----+

Slackware Linux Security Team 
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.