OpenPKG Corporation → Security → Security Advisories

OpenPKG Security Advisory

OpenPKG-SA-2003.041

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2003.041
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2003.041
Advisory Published:      2008-11-21 23:10 UTC

Issue Id (internal):     OpenPKG-SI-20030919.01
Issue First Created:     2003-09-19
Issue Last Modified:     2006-11-28
Issue Revision:          06


Subject Name:            Sendmail
Subject Summary:         Mail Transfer Agent
Subject Home:            http://www.sendmail.org/
Subject Versions:        * <= 8.12.9

Vulnerability Id:        CVE-2003-0694, CVE-2003-0681
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           privilege escalation

Description:
    According to a confirmed [1] security advisory from Michal Zalewski
    [2], a remotely exploitable vulnerability exists in all versions
    prior to 8.12.10 of the Sendmail [0] MTA. An error in its prescan()
    function could allow an attacker to write past the end of a buffer,
    corrupting memory structures. Depending on platform and operating
    system architecture, the attacker may be able to execute arbitrary
    code with a specially crafted email message.
    
    The email attack vector is message-oriented as opposed to
    connection-oriented. This means that the vulnerability is triggered
    by the contents of a specially crafted email message rather than by
    lower-level network traffic.
    
    Additionally, we have included a fix for a potential buffer overflow
    in Sendmail's ruleset parsing. This problem is not exploitable in the
    default Sendmail configuration; it is exploitable only if non-standard
    rulesets recipient (2), final (4), or mailer-specific envelope
    recipients rulesets are used. CVE-2003-0681

References:
    [0]  http://www.sendmail.org/
    [1]  http://www.sendmail.org/8.12.10.html
    [2]  http://www.securityfocus.com/archive/1/337839/2003-09-16/2003-09-22/0
    [3]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694
    [4]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0681
    [5]  http://www.openpkg.org/tutorial.html#regular-source
    [6]  http://www.openpkg.org/tutorial.html#regular-binary
    [7]  ftp://ftp.openpkg.org/release/1.2/UPD/sendmail-8.12.7-1.2.4.src.rpm
    [8]  ftp://ftp.openpkg.org/release/1.3/UPD/sendmail-8.12.9-1.3.1.src.rpm
    [9]  ftp://ftp.openpkg.org/release/1.2/UPD/
    [10] ftp://ftp.openpkg.org/release/1.3/UPD/
    [11] http://www.openpkg.org/security.html#signature


Primary Package Name:    sendmail
Primary Package Home:    http://openpkg.org/go/package/sendmail

Affected Distribution:   Affected Branch:  Affected Package:
OpenPKG Community        1.2-SOLID         sendmail-8.12.7-1.2.3
OpenPKG Community        1.3-SOLID         sendmail-8.12.9-1.3.0
OpenPKG Community        CURRENT           sendmail-8.12.9-20030801

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        1.2-SOLID         sendmail-8.12.7-1.2.4
OpenPKG Community        1.3-SOLID         sendmail-8.12.9-1.3.1
OpenPKG Community        CURRENT           sendmail-8.12.10-20030917

→ Plain Text Version

Latest Advisories:
2007.023 perl
2007.022 bind
2007.021 wordpress
2007.020 php
2007.019 php
2007.018 freetype
2007.017 ratbox
2007.016 gd
2007.015 quagga
2007.014 bind
→ more...

Validation: XHTML | CSS

Organisations
Products
- OpenPKG Community
- Features
- Technology Pitch
- Package Database
- Registration
  - Registration Overview
  - Registry Service
- Download
  - Download Policy
  - Download Service
- Sales
  - Request
Services
Security
Documentation
- Flyer
- Presentation
- Showcase
- Article
- Thesis
- Tutorial
- Packaging
- F.A.Q
Community
My OpenPKG