LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated sendmail packages fix remote vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A race condition was reported in sendmail in how it handles asynchronous signals. This could allow a remote attacker to be able to execute arbitrary code with the privileges of the user running sendmail.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:058
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : sendmail
 Date    : March 22, 2006
 Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A race condition was reported in sendmail in how it handles
 asynchronous signals.  This could allow a remote attacker to be able
 to execute arbitrary code with the privileges of the user running
 sendmail.
 
 The updated packages have been patched to correct this problem via a
 patch provided by the Sendmail Consortium via CERT.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
 http://www.cert.org/advisories/834865
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:
 95305a1dfe64cfeabdca98fb008cfd91  10.2/RPMS/sendmail-8.13.3-2.1.102mdk.i586.rpm
 5215408069e99b0ff2994db3af55d62e  10.2/RPMS/sendmail-cf-8.13.3-2.1.102mdk.i586.rpm
 02deae8e6e131ac7cb847e9ab47a9885  10.2/RPMS/sendmail-devel-8.13.3-2.1.102mdk.i586.rpm
 356978837f0dbf3ab9dcce39e9f58f7d  10.2/RPMS/sendmail-doc-8.13.3-2.1.102mdk.i586.rpm
 9bff19f2f9b0b8502bf5f27dd2895f8e  10.2/SRPMS/sendmail-8.13.3-2.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 f148c878ea5b30370fc94e6a7255de5d  x86_64/10.2/RPMS/sendmail-8.13.3-2.1.102mdk.x86_64.rpm
 3968115b895ce937e2d4e2180d577168  x86_64/10.2/RPMS/sendmail-cf-8.13.3-2.1.102mdk.x86_64.rpm
 0f6226a324a5285b1ce81ce699de723b  x86_64/10.2/RPMS/sendmail-devel-8.13.3-2.1.102mdk.x86_64.rpm
 461e896f92cdd4cea5f0ba56c68ba7a9  x86_64/10.2/RPMS/sendmail-doc-8.13.3-2.1.102mdk.x86_64.rpm
 9bff19f2f9b0b8502bf5f27dd2895f8e  x86_64/10.2/SRPMS/sendmail-8.13.3-2.1.102mdk.src.rpm

 Mandriva Linux 2006.0:
 12616264669772849dc402ae7425229a  2006.0/RPMS/sendmail-8.13.4-6.1.20060mdk.i586.rpm
 d551d0ed690a5f3da78842071472d386  2006.0/RPMS/sendmail-cf-8.13.4-6.1.20060mdk.i586.rpm
 79c647c58c53c27e1a2555f5af71ef37  2006.0/RPMS/sendmail-devel-8.13.4-6.1.20060mdk.i586.rpm
 94fd6a9ffa27388a80e5e1d1cb9543ed  2006.0/RPMS/sendmail-doc-8.13.4-6.1.20060mdk.i586.rpm
 a996c91d8899ecb76ff1d961c6c0177a  2006.0/SRPMS/sendmail-8.13.4-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 7768a1368faf4890343b97ef868aae78  x86_64/2006.0/RPMS/sendmail-8.13.4-6.1.20060mdk.x86_64.rpm
 35f33c64846459eeca8587f7150d3978  x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.1.20060mdk.x86_64.rpm
 a70a4dc0ef6944f43614f83e742a80a2  x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.1.20060mdk.x86_64.rpm
 aaa7adbd147cab2bbad3bea812eb32c2  x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.1.20060mdk.x86_64.rpm
 a996c91d8899ecb76ff1d961c6c0177a  x86_64/2006.0/SRPMS/sendmail-8.13.4-6.1.20060mdk.src.rpm

 Corporate 3.0:
 be7c8df48bcf0790c64ac389b37754cb  corporate/3.0/RPMS/sendmail-8.12.11-1.1.C30mdk.i586.rpm
 631dfdb5d0fc43185af6084e17714ffb  corporate/3.0/RPMS/sendmail-cf-8.12.11-1.1.C30mdk.i586.rpm
 96b84769e995ac2595cb8d7ae4918b91  corporate/3.0/RPMS/sendmail-devel-8.12.11-1.1.C30mdk.i586.rpm
 58337a123a60b64e6f414de744959337  corporate/3.0/RPMS/sendmail-doc-8.12.11-1.1.C30mdk.i586.rpm
 3d46a60520cc65d595c17db6bae809c7  corporate/3.0/SRPMS/sendmail-8.12.11-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c22a4c20960c29b647532b4d966234b1  x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.1.C30mdk.x86_64.rpm
 ee7aad2adb440347519f5888200e923d  x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.1.C30mdk.x86_64.rpm
 6d0b3c65952995c3f12b076134c8a8e8  x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.1.C30mdk.x86_64.rpm
 c2e31e2fa472f4bb34db27526c25cc92  x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.1.C30mdk.x86_64.rpm
 3d46a60520cc65d595c17db6bae809c7  x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.1.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 d1f8e453ab9456d0bb7f34acf1388d3c  mnf/2.0/RPMS/sendmail-8.12.11-1.1.M20mdk.i586.rpm
 6b0f02721103c1b25622e3d54e474c19  mnf/2.0/RPMS/sendmail-cf-8.12.11-1.1.M20mdk.i586.rpm
 03f66672c6792fcf40d84a1dc4b686ef  mnf/2.0/RPMS/sendmail-devel-8.12.11-1.1.M20mdk.i586.rpm
 b966f80b82cd054474ec43e9ff3be679  mnf/2.0/RPMS/sendmail-doc-8.12.11-1.1.M20mdk.i586.rpm
 244093bf42df7c6db16246c56b7e6495  mnf/2.0/SRPMS/sendmail-8.12.11-1.1.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.