- --------------------------------------------------------------------------
Debian Security Advisory DSA 384-1                     security@debian.org 
Debian -- Security Information                              Matt Zimmerman
September 17th, 2003                     Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : sendmail
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0681 CAN-2003-0694

Two vulnerabilities were reported in sendmail.

 - CAN-2003-0681

   A "potential buffer overflow in ruleset parsing" for Sendmail
   8.12.9, when using the nonstandard rulesets (1) recipient (2),
   final, or (3) mailer-specific envelope recipients, has unknown
   consequences.

 - CAN-2003-0694

  The prescan function in Sendmail 8.12.9 allows remote attackers to
  execute arbitrary code via buffer overflow attacks, as demonstrated
  using the parseaddr function in parseaddr.c.

For the stable distribution (woody) these problems have been fixed in
sendmail version 8.12.3-6.6 and sendmail-wide version
8.12.3+3.5Wbeta-5.5.

For the unstable distribution (sid) these problems have been fixed in
sendmail version 8.12.10-1.

We recommend that you update your sendmail package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      751 a7d0da0bedbe35592233cb9ce710f551
      
      Size/MD5 checksum:   255026 5a86a93275a55af8c92677469c4a8cd3
      
      Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d
      
      Size/MD5 checksum:      738 cc23a68bcf23332d560086c3c55cd16a
      
      Size/MD5 checksum:   327218 7f2fc2d0efe7935713b2d77dec66359c
      
      Size/MD5 checksum:  1870451 4c7036e8042bae10a90da4a84a717963

  Architecture independent components:

      
      Size/MD5 checksum:   747778 9c4362147654d4f28d8346fa4ad84ed0

  Alpha architecture:

      
      Size/MD5 checksum:   267842 4f53274558b9e29ca341721a68fb4adc
      
      Size/MD5 checksum:  1109340 78cb6eb6b340e5dc52982889532a844a
      
      Size/MD5 checksum:   440712 b22b97caba3652ef2a7d9f35633e3040

  ARM architecture:

      
      Size/MD5 checksum:   247568 ac8f0778eb56f7c0a852fdc54ef071b1
      
      Size/MD5 checksum:   979454 6b9898686e6361abe657c5fd75d962c5
      
      Size/MD5 checksum:   369568 3baf5caa46b2c9d0b67c6d60f47d8030

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   237374 0662e6e9bb58db37a1d8f511e4ba2fce
      
      Size/MD5 checksum:   917848 3717265bb7ed3f5bd81fb9a712826cec
      
      Size/MD5 checksum:   328914 23af5c312cef6a53f000f4663980b11d

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   282028 a35b9ca4cfc7a1c1ec6bdb1f2e00d8bb
      
      Size/MD5 checksum:  1332734 9f4ae78c3aa4644366e7e3f4bb787096
      
      Size/MD5 checksum:   575024 9e4283bf8427361959efc71fa10b47db

  HP Precision architecture:

      
      Size/MD5 checksum:   261692 a91642fb4a90687c7d318342cac40b81
      
      Size/MD5 checksum:  1081070 f8359f91edc1a1587de9ef3fee05e48a
      
      Size/MD5 checksum:   413758 f7ebfefbe7bc3a212a0233531969d6ce

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   231156 5a6f6c5597d65c625a8f93bca3ba91c7
      
      Size/MD5 checksum:   865868 3f8e05c30f67a10b3148868b884b181a
      
      Size/MD5 checksum:   300824 fcfe51748953a3cbec6b67ec6b59c815

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   255192 f6e277fc5dd3aad2471224cd5a93d8b2
      
      Size/MD5 checksum:  1022140 9ffa270d18fcff47eb50a379abf83423
      
      Size/MD5 checksum:   378446 3eb569322bf2ca44efad2e619ac60e09

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   254886 1671ae782111b31689db3cdcc8a685ca
      
      Size/MD5 checksum:  1022564 2c6d07a51a6799b3adf0465708ea965a
      
      Size/MD5 checksum:   380428 af4eb3885b34141ac8ca280d9588c236

  PowerPC architecture:

      
      Size/MD5 checksum:   257296 6327996cfa6ba83133ca891e9ee7e06b
      
      Size/MD5 checksum:   978630 a328cc8608dfe496bacb51984a813eff
      
      Size/MD5 checksum:   363018 a7310a71887232474be479fdc0dc8846

  IBM S/390 architecture:

      
      Size/MD5 checksum:   242622 86d18643513d01467640277260d5faf4
      
      Size/MD5 checksum:   966352 db7b4c5516759dde0c244f87394e206a
      
      Size/MD5 checksum:   354934 7d9e5afceef87330409cc68a284e0b99

  Sun Sparc architecture:

      
      Size/MD5 checksum:   245326 d2c2c75a72bb25db831cf200aaa84ae2
      
      Size/MD5 checksum:   982550 7e755b31bb2b0db5aa82ca5f516ac46d
      
      Size/MD5 checksum:   356148 c330e1560c9b37e25dd73947fe6fbc22

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: sendmail buffer overlow vulnerabilities

September 18, 2003
There are multiple buffer overflow vulnerabilities in the sendmail package.

Summary

Two vulnerabilities were reported in sendmail.

- CAN-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail
8.12.9, when using the nonstandard rulesets (1) recipient (2),
final, or (3) mailer-specific envelope recipients, has unknown
consequences.

- CAN-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to
execute arbitrary code via buffer overflow attacks, as demonstrated
using the parseaddr function in parseaddr.c.

For the stable distribution (woody) these problems have been fixed in
sendmail version 8.12.3-6.6 and sendmail-wide version
8.12.3+3.5Wbeta-5.5.

For the unstable distribution (sid) these problems have been fixed in
sendmail version 8.12.10-1.

We recommend that you update your sendmail package.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 751 a7d0da0bedbe35592233cb9ce710f551

Size/MD5 checksum: 255026 5a86a93275a55af8c92677469c4a8cd3

Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d

Size/MD5 checksum: 738 cc23a68bcf23332d560086c3c55cd16a

Size/MD5 checksum: 327218 7f2fc2d0efe7935713b2d77dec66359c

Size/MD5 checksum: 1870451 4c7036e8042bae10a90da4a84a717963

Architecture independent components:


Size/MD5 checksum: 747778 9c4362147654d4f28d8346fa4ad84ed0

Alpha architecture:


Size/MD5 checksum: 267842 4f53274558b9e29ca341721a68fb4adc

Size/MD5 checksum: 1109340 78cb6eb6b340e5dc52982889532a844a

Size/MD5 checksum: 440712 b22b97caba3652ef2a7d9f35633e3040

ARM architecture:


Size/MD5 checksum: 247568 ac8f0778eb56f7c0a852fdc54ef071b1

Size/MD5 checksum: 979454 6b9898686e6361abe657c5fd75d962c5

Size/MD5 checksum: 369568 3baf5caa46b2c9d0b67c6d60f47d8030

Intel IA-32 architecture:


Size/MD5 checksum: 237374 0662e6e9bb58db37a1d8f511e4ba2fce

Size/MD5 checksum: 917848 3717265bb7ed3f5bd81fb9a712826cec

Size/MD5 checksum: 328914 23af5c312cef6a53f000f4663980b11d

Intel IA-64 architecture:


Size/MD5 checksum: 282028 a35b9ca4cfc7a1c1ec6bdb1f2e00d8bb

Size/MD5 checksum: 1332734 9f4ae78c3aa4644366e7e3f4bb787096

Size/MD5 checksum: 575024 9e4283bf8427361959efc71fa10b47db

HP Precision architecture:


Size/MD5 checksum: 261692 a91642fb4a90687c7d318342cac40b81

Size/MD5 checksum: 1081070 f8359f91edc1a1587de9ef3fee05e48a

Size/MD5 checksum: 413758 f7ebfefbe7bc3a212a0233531969d6ce

Motorola 680x0 architecture:


Size/MD5 checksum: 231156 5a6f6c5597d65c625a8f93bca3ba91c7

Size/MD5 checksum: 865868 3f8e05c30f67a10b3148868b884b181a

Size/MD5 checksum: 300824 fcfe51748953a3cbec6b67ec6b59c815

Big endian MIPS architecture:


Size/MD5 checksum: 255192 f6e277fc5dd3aad2471224cd5a93d8b2

Size/MD5 checksum: 1022140 9ffa270d18fcff47eb50a379abf83423

Size/MD5 checksum: 378446 3eb569322bf2ca44efad2e619ac60e09

Little endian MIPS architecture:


Size/MD5 checksum: 254886 1671ae782111b31689db3cdcc8a685ca

Size/MD5 checksum: 1022564 2c6d07a51a6799b3adf0465708ea965a

Size/MD5 checksum: 380428 af4eb3885b34141ac8ca280d9588c236

PowerPC architecture:


Size/MD5 checksum: 257296 6327996cfa6ba83133ca891e9ee7e06b

Size/MD5 checksum: 978630 a328cc8608dfe496bacb51984a813eff

Size/MD5 checksum: 363018 a7310a71887232474be479fdc0dc8846

IBM S/390 architecture:


Size/MD5 checksum: 242622 86d18643513d01467640277260d5faf4

Size/MD5 checksum: 966352 db7b4c5516759dde0c244f87394e206a

Size/MD5 checksum: 354934 7d9e5afceef87330409cc68a284e0b99

Sun Sparc architecture:


Size/MD5 checksum: 245326 d2c2c75a72bb25db831cf200aaa84ae2

Size/MD5 checksum: 982550 7e755b31bb2b0db5aa82ca5f516ac46d

Size/MD5 checksum: 356148 c330e1560c9b37e25dd73947fe6fbc22

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/



Severity
Package : sendmail
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0681 CAN-2003-0694

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved