Date: Wed, 17 Sep 2003 20:53:03 -0700
From: Immunix Security Team <[email protected]>
To: [email protected]Subject: Immunix Secured OS 7+ sendmail update
--at6+YcpfzWZg/htY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
[From the Redundancy Department of Redundancy: When setting up an
out-of-office-autoreply, please configure it to NOT respond to
Precedence: bulk mail or other public mail lists. Thanks.]
-----------------------------------------------------------------------
Immunix Secured OS Security Advisory
Packages updated: sendmail
Affected products: Immunix OS 7+
Bugs fixed: CAN-2003-0681, CAN-2003-0694
Date: Wed Sep 17 2003
Advisory ID: IMNX-2003-7+-021-01
Author: Seth Arnold <[email protected]>
-----------------------------------------------------------------------
Description:
Michal Zalewski discovered flaws in sendmail's prescan() function.
prescan() is used sufficiently frequently in the sendmail sources that
it is not clear where the overflowed buffers are located in memory,
thus administrators should assume that StackGuard provides limited
coverage at best. This flaw is CAN-2003-0694.
Timo Sirainen has discovered CAN-2003-0681, "a potential buffer
overflow in ruleset parsing which is not exploitable in the default
sendmail configuration; only if non-standard rulesets recipient (2),
final (4), or mailer-specific envelope recipients rulesets are used
then a problem may occur."
Immunix would like to thank Claus Assmann, Ademar de Souza Reis Jr,
and Todd C. Miller.
Package names and locations:
Precompiled binary packages for Immunix 7+ are available at:
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/sendmail-8.11.6-3_i=
mnx_6.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/sendmail-cf-8.11.6-=
3_imnx_6.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/sendmail-doc-8.11.6=
-3_imnx_6.i386.rpm
A source package for Immunix 7+ is located here:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/sendmail-8.11.6-3_=
imnx_6.src.rpm
Immunix OS 7+ md5sums:
cf0da9af59b3ce5ef3415ef165ed5acf RPMS/sendmail-8.11.6-3_imnx_6.i386.rpm
d7e44a404f9208d5d5e831146ebee81f RPMS/sendmail-cf-8.11.6-3_imnx_6.i386.rpm
580f5f35079dff0d523c79b8f903add0 RPMS/sendmail-doc-8.11.6-3_imnx_6.i386.r=
pm
3811d5cb46c9309ec7ebf894b4fb709e SRPMS/sendmail-8.11.6-3_imnx_6.src.rpm
GPG verification: =
=20
Our public keys are available at http://download.immunix.org/GPG_KEY
Immunix, Inc., has changed policy with GPG keys. We maintain several
keys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for
Immunix 7.3 package signing, and 1B7456DA for general security issues.
NOTE:
Ibiblio is graciously mirroring our updates, so if the links above are
slow, please try:
ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
or one of the many mirrors available at:
http://www.ibiblio.org/pub/Linux/MIRRORS.html
ImmunixOS 6.2 is no longer officially supported.
ImmunixOS 7.0 is no longer officially supported.
Contact information:
To report vulnerabilities, please contact [email protected].
Immunix attempts to conform to the RFP vulnerability disclosure protocol
http://www.wiretrip.net/rfp/policy.html.
--at6+YcpfzWZg/htY
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj9pLB8ACgkQn5I6Lxt0VtqWZwCglMlyqjED80oOprNCtLTLiL8K
5YwAoKVLOKOm8t1SBlpzsYUgGOuuCz8t
=3McB
-----END PGP SIGNATURE-----
--at6+YcpfzWZg/htY--
