Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2003-SCO.5] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : remote buffer overflow in sendmail (CERT CA-2003-07)
From: security () sco com
Date: Fri, 7 Mar 2003 15:51:59 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : remote buffer overflow in sendmail (CERT 
CA-2003-07)
Advisory number:        CSSA-2003-SCO.5
Issue date:             2003 March 07
Cross reference:
______________________________________________________________________________


1. Problem Description

        From CA-2003-07: Researchers at Internet Security Systems
        (ISS) have discovered a remotely exploitable vulnerability
        in sendmail. This vulnerability could allow an intruder to
        gain control of a vulnerable sendmail server.


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.1                  /usr/lib/sendmail
        Open UNIX 8.0.0                 /usr/lib/sendmail
        UnixWare 7.1.3                  /usr/lib/sendmail


3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.1

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5


        4.2 Verification

        MD5 (ptf7130e.pkg.Z) = b1288b52f180c9642e03166d1575de75

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download ptf7130e.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/ptf7130e.pkg.Z
        # pkgadd -d /var/spool/pkg/ptf7130e.pkg


5. Open UNIX 8.0.0

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5


        5.2 Verification

        MD5 (erg712247.pkg.Z) = d77109c8836142c5327ed1fc5f82e252

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712247.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712247.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712247.pkg


6. UnixWare 7.1.3

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5


        6.2 Verification

        MD5 (erg712247.pkg.Z) = d77109c8836142c5327ed1fc5f82e252

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        Download erg712247.pkg.Z to the /var/spool/pkg directory

        # uncompress /var/spool/pkg/erg712247.pkg.Z
        # pkgadd -d /var/spool/pkg/erg712247.pkg


7. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
                http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
                http://www.cert.org/advisories/CA-2003-07.html
                http://www.kb.cert.org/vuls/id/398025
                http://www.sendmail.org/8.12.8.html

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr875284, fz527484,
        erg712247.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgements

        Internet Security Systems, Inc. discovered and researched
        this vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2003-SCO.5] UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : remote buffer overflow in sendmail (CERT CA-2003-07) security (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault