Advisories

Mandriva Advisories

Package name	sendmail
Date	March 3rd, 2003
Advisory ID	MDKSA-2003:028
Affected versions	7.2, 8.0, 8.1, 8.2, 9.0, CS2.1
Synopsis	Updated sendmail packages fix remotely exploitable buffer overflow vulnerability

Problem Description

A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force
that involves mail header manipulation that can result in a remote
user gaining root access to the system running the vulnerable
sendmail.

Patches supplied by the sendmail development team have been applied to
correct this issue. MandrakeSoft encourages all users who have chosen
to use sendmail (as opposed to the default MTA, postfix) to upgrade to
this version of sendmail immediately.

Updated Packages

Mandrakelinux 7.2

 ffd7899291d6aba1753d996a44661ed2  7.2/RPMS/sendmail-8.11.0-4.2mdk.i586.rpm
47906b6c6ceffb16d9750b88eef18bd8  7.2/RPMS/sendmail-cf-8.11.0-4.2mdk.i586.rpm
f84955b5bf1b9d48804694fc8d9fa038  7.2/RPMS/sendmail-doc-8.11.0-4.2mdk.i586.rpm
524c8c9bab32697ca9d7be41b4b34dff  7.2/SRPMS/sendmail-8.11.0-4.2mdk.src.rpm

Mandrakelinux 8.0

 d8dd245a3fa0d5bd5910da8ed322e4b2  8.0/RPMS/sendmail-8.11.6-4.4mdk.i586.rpm
1c1fa1730c9689ef8ca2fa9b125dde41  8.0/RPMS/sendmail-cf-8.11.6-4.4mdk.i586.rpm
203198fe2cb9914d0f104c2ffa15061b  8.0/RPMS/sendmail-doc-8.11.6-4.4mdk.i586.rpm
2bd522ab0fad1734d2522547d6abe79f  8.0/SRPMS/sendmail-8.11.6-4.4mdk.src.rpm

Mandrakelinux 8.0/PPC

 49b589d9c1db215968698296b7e38949  ppc/8.0/RPMS/sendmail-8.11.6-4.4mdk.ppc.rpm
1f0dc78436c35f5397f25a331a6be784  ppc/8.0/RPMS/sendmail-cf-8.11.6-4.4mdk.ppc.rpm
beaa61eb5a224c67268f1ccbcaa27287  ppc/8.0/RPMS/sendmail-doc-8.11.6-4.4mdk.ppc.rpm
2bd522ab0fad1734d2522547d6abe79f  ppc/8.0/SRPMS/sendmail-8.11.6-4.4mdk.src.rpm

Mandrakelinux 8.1

 a8e8831e1333f53c4beaad484fba6d6b  8.1/RPMS/sendmail-8.11.6-4.4mdk.i586.rpm
07822e0924603156a328a5d71b35b006  8.1/RPMS/sendmail-cf-8.11.6-4.4mdk.i586.rpm
943676ff37789e3ed56c3feeb4b790c6  8.1/RPMS/sendmail-doc-8.11.6-4.4mdk.i586.rpm
2bd522ab0fad1734d2522547d6abe79f  8.1/SRPMS/sendmail-8.11.6-4.4mdk.src.rpm

Mandrakelinux 8.1/IA64

 67ff005b6eda2074f9c1fc61678eaec5  ia64/8.1/RPMS/sendmail-8.11.6-4.4mdk.ia64.rpm
a41192b0d1083047d2437209bc857d50  ia64/8.1/RPMS/sendmail-cf-8.11.6-4.4mdk.ia64.rpm
827a91f80a88f80f1662c8417c702b37  ia64/8.1/RPMS/sendmail-doc-8.11.6-4.4mdk.ia64.rpm
2bd522ab0fad1734d2522547d6abe79f  ia64/8.1/SRPMS/sendmail-8.11.6-4.4mdk.src.rpm

Mandrakelinux 8.2

 c106cd4223cb8defc0331b9ae203c712  8.2/RPMS/sendmail-8.12.1-4.2mdk.i586.rpm
199d6e0d6c5bd79d8bbbaf5482e472e6  8.2/RPMS/sendmail-cf-8.12.1-4.2mdk.i586.rpm
b70011d22c13c152d35f9c9572e57051  8.2/RPMS/sendmail-devel-8.12.1-4.2mdk.i586.rpm
865de74f4848e781071a4606a20e42b9  8.2/RPMS/sendmail-doc-8.12.1-4.2mdk.i586.rpm
5d251dd3fc01d98027820282c39a47c4  8.2/SRPMS/sendmail-8.12.1-4.2mdk.src.rpm

Mandrakelinux 8.2/PPC

 9b96aa12a5843801e3141ed2aa0bc8c9  ppc/8.2/RPMS/sendmail-8.12.1-4.2mdk.ppc.rpm
1b97053c396aadd596cc8111362938f8  ppc/8.2/RPMS/sendmail-cf-8.12.1-4.2mdk.ppc.rpm
0d8a132188f56a3a2b25a36b1fdf8cd0  ppc/8.2/RPMS/sendmail-devel-8.12.1-4.2mdk.ppc.rpm
911165311c20100dd0bd945fc7a8bac9  ppc/8.2/RPMS/sendmail-doc-8.12.1-4.2mdk.ppc.rpm
5d251dd3fc01d98027820282c39a47c4  ppc/8.2/SRPMS/sendmail-8.12.1-4.2mdk.src.rpm

Mandrakelinux 9.0

 cc5590958147fdc6d7cc6b6804e1c450  9.0/RPMS/sendmail-8.12.6-3.2mdk.i586.rpm
9ee215b8d3aa61a75d7bfa7236c89217  9.0/RPMS/sendmail-cf-8.12.6-3.2mdk.i586.rpm
31ee7452500bead59609119af17b6ebc  9.0/RPMS/sendmail-devel-8.12.6-3.2mdk.i586.rpm
bb8b7830640b3b0cbb3c471e60638d26  9.0/RPMS/sendmail-doc-8.12.6-3.2mdk.i586.rpm
7bf9dab89608b3ecae5574946c78dde8  9.0/SRPMS/sendmail-8.12.6-3.2mdk.src.rpm

Corporate Server 2.1

 cc5590958147fdc6d7cc6b6804e1c450  corporate/2.1/RPMS/sendmail-8.12.6-3.2mdk.i586.rpm
9ee215b8d3aa61a75d7bfa7236c89217  corporate/2.1/RPMS/sendmail-cf-8.12.6-3.2mdk.i586.rpm
31ee7452500bead59609119af17b6ebc  corporate/2.1/RPMS/sendmail-devel-8.12.6-3.2mdk.i586.rpm
bb8b7830640b3b0cbb3c471e60638d26  corporate/2.1/RPMS/sendmail-doc-8.12.6-3.2mdk.i586.rpm
7bf9dab89608b3ecae5574946c78dde8  corporate/2.1/SRPMS/sendmail-8.12.6-3.2mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
http://www.kb.cert.org/vuls/id/398025
http://www.cert.org/advisories/CA-2003-07.html

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer