-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: sendmail, sendmail-tls
Announcement-ID: SuSE-SA:2003:040
Date: Saturday, Sep 20th 2003 18:00 MEST
Affected products: 7.2, 7.3, 8.0, 8.1, 8.2
SuSE Linux Database Server,
SuSE Linux Enterprise Server 7, 8
SuSE Linux Firewall on CD/Admin host
SuSE Linux Connectivity Server
SuSE Linux Office Server
Vulnerability Type: local/remote privilege escalation
Severity (1-10): 7
SuSE default package: yes (until SuSE Linux 8.0 and SLES7)
Cross References: CAN-2003-0694
CERT http://www.kb.cert.org/vuls/id/784980
http://www.securityfocus.com/archive/1/337839
http://www.sendmail.org/8.12.10.html
Content of this advisory:
1) security vulnerability resolved: sendmail, sendmail-tls
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- mysql
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
sendmail is the most widely used mail transport agent (MTA) in the
internet. A remotely exploitable buffer overflow has been found in all
versions of sendmail that come with SuSE products. These versions include
sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem
that is installed by default on all SuSE products up to and including
SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.
The vulnerability discovered is known as the prescan()-bug and is not
related to the vulnerability found and fixed in April 2003. The error
in the code can cause heap or stack memory to be overwritten, triggered
by (but not limited to) functions that parse header addresses.
There is no known workaround for this vulnerability other than using a
different MTA. The vulnerability is triggered by an email message sent
through the sendmail MTA subsystem. In that respect, it is different
from commonly known bugs that occur in the context of an open TCP
connection. By consequence, the vulnerability also exists if email
messages get forwarded over a relay that itself does not run a vulnerable
MTA. This specific detail and the wide distribution of sendmail in the
internet causes this vulnerability to be considered a flaw of major
severity. We recommend to install the update packages that are provided
for download at the locations listed below.
We thank Michal Zalewski who discovered this vulnerability and the
friendly people from Sendmail Inc (Claus Assmann) who have communicated
problem to SuSE Security.
Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.
SPECIAL INSTALL INSTRUCTIONS:
==============================
After performing the update, it is necessary to restart all running
instances of sendmail using the command "rcsendmail restart" as root.
Intel i386 Platform:
SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-8.12.7-77.i586.rpm
98b411a03df3a657dcef79be8f5d1ab2
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-devel-8.12.7-77.i586.rpm
59c84f025e29401fb798d3253a67bd70
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-8.12.7-77.i586.patch.rpm
99c717aee89be0a9d791a48cec41a57d
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-devel-8.12.7-77.i586.patch.rpm
9feac7f2b475531d07279a3606dd3b37
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/sendmail-8.12.7-77.src.rpm
ffb2d8b0fd28a9a5244f2696879f3762
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-8.12.6-159.i586.rpm
3b96f198fa7e9726e4e575444baa10d6
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-devel-8.12.6-159.i586.rpm
0b56d4ac6453c5962bf9e9d363b83849
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-8.12.6-159.i586.patch.rpm
92f7e4376ea2ed5f4f7652e3e47a7638
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-devel-8.12.6-159.i586.patch.rpm
843a111a942d24a6380f91f7f21e9316
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/sendmail-8.12.6-159.src.rpm
d4a2d5463ef5bfcc5c36bd3b9da36271
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/sendmail-8.12.3-78.i386.rpm
85d6d62eb31223c8bc607b65551ea024
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/sendmail-devel-8.12.3-78.i386.rpm
24d814266bf8c305dbd275009655f7e4
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/sendmail-8.12.3-78.i386.patch.rpm
7f384fedbc35b23d92da843e2fc38046
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/sendmail-devel-8.12.3-78.i386.patch.rpm
95de8a86f1dad5f1b3e28bb9cb40c02c
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/sendmail-8.12.3-78.src.rpm
92c4a75367211fb0b23b1706a2b893f1
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/sendmail-8.11.6-167.i386.rpm
51d281703157e04e39e48f5b21cb1469
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/sendmail-tls-8.11.6-169.i386.rpm
1131ad179e17de3c7d0a8d0a7a7e5348
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/sendmail-8.11.6-167.src.rpm
5c547ec8f50f6fa756e160063076365c
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/sendmail-tls-8.11.6-169.src.rpm
eb0a06b8a387297463cbccb639e5fb6f
SuSE-7.2:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/sendmail-8.11.3-112.i386.rpm
3bed3854baec797e2ff6d14f9582fcda
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/sendmail-tls-8.11.3-116.i386.rpm
2713adc9c6feecc146a796034b3f7b98
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/sendmail-8.11.3-112.src.rpm
1b28f2aca4bb0b9231869267cbd4a06d
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/sendmail-tls-8.11.3-116.src.rpm
352f504b486334537d952aa90b82ac08
Sparc Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/sendmail-8.11.6-67.sparc.rpm
24c874c51666ca5b9f5ce2a7431af63e
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/sendmail-tls-8.11.6-67.sparc.rpm
5d41fe793f6744e70f6bde005363884c
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/sendmail-8.11.6-67.src.rpm
7f27980cf2fb11453a80964355aaddbc
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/sendmail-tls-8.11.6-67.src.rpm
dda3511ac3f95af3623837e19b6a80f6
PPC Power PC Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/sendmail-8.11.6-126.ppc.rpm
0442e3a7504bb4bb57e896fcd83e80b9
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/sendmail-tls-8.11.6-125.ppc.rpm
cbf8c7e5e9f61c3017ad5d80b7c4c76b
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/sendmail-8.11.6-126.src.rpm
47031fa3484a66081f623760fcf53dc1
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/sendmail-tls-8.11.6-125.src.rpm
9ce8128f4847f6fb0d8b0662f3145388
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- As already announced in SuSE-SA:2003:038 and SuSE-SA:2003:039, we are
working on update packages for the mysql buffer overflow vulnerability.
The packages will be made available as soon as possible.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SuSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum