The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2003-SCO.6] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT CA-2003-07)


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Thu, 13 Mar 2003 09:57:17 -0800
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2003-SCO.6] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT CA-2003-07)

--82I3+IH0IqGh5yIs
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: [email protected] [email protected] [email protected]

______________________________________________________________________________

			SCO Security Advisory

Subject:		OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT CA-2003-07)
Advisory number: 	CSSA-2003-SCO.6
Issue date: 		2003 March 12
Cross reference:
______________________________________________________________________________


1. Problem Description

	From CA-2003-07: Researchers at Internet Security Systems
	(ISS) have discovered a remotely exploitable vulnerability
	in sendmail. This vulnerability could allow an intruder to
	gain control of a vulnerable sendmail server.


2. Vulnerable Supported Versions

	System				Vulnerable Versions
	----------------------------------------------------------------------
	OpenServer 5.0.5		previous to sendmail 8.11.0a
	OpenServer 5.0.6		previous to sendmail 8.11.0a
	OpenServer 5.0.7		previous to sendmail 8.11.0a


3. Solution

	The proper solution is to install the latest packages.


4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


	4.2 Verification

	MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the sendmail.506.tar file to the /tmp directory
	   (OpenServer 5.0.5 uses the 5.0.6 tar image)

	2) Extract the files from the tar archive:
		cd /tmp; tar xvf sendmail.506.tar

	3) Run the custom command, specify an install from media
	   images, and specify the /tmp directory as the location of
	   the images.


5. OpenServer 5.0.6

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


	5.2 Verification

	MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the sendmail.506.tar file to the /tmp directory

	2) Extract the files from the tar archive:
		cd /tmp; tar xvf sendmail.506.tar

	3) Run the custom command, specify an install from media
	   images, and specify the /tmp directory as the location of
	   the images.


6. OpenServer 5.0.7

	6.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


	6.2 Verification

	MD5 (sendmail.507.tar) = 807f1fa8d15a3361a589119bfca18533

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	6.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the sendmail.507.tar file to the /tmp directory

	2) Extract the files from the tar archive:
		cd /tmp; tar xvf sendmail.507.tar

	3) Run the custom command, specify an install from media
	   images, and specify the /tmp directory as the location of
	   the images.


7. References

	Specific references for this advisory:

		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
		http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
		http://www.cert.org/advisories/CA-2003-07.html
		http://www.kb.cert.org/vuls/id/398025
		http://www.sendmail.org/8.12.8.html

	SCO security resources:

		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr875284, fz527484,
	erg712247.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgements

	Internet Security Systems, Inc. discovered and researched
	this vulnerability.

______________________________________________________________________________

--82I3+IH0IqGh5yIs
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj5wxn0ACgkQaqoBO7ipriGFTQCgl+oHUwQyHmiTvNacaAT0Evv6
QNYAn1YlH9FP1SLXKYUBPp/4CtoqoCAL
=qoHO
-----END PGP SIGNATURE-----

--82I3+IH0IqGh5yIs--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру