Home page logo
/

bugtraq logo Bugtraq mailing list archives

Security Update: [CSSA-2003-SCO.6] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT CA-2003-07)
From: security () sco com
Date: Thu, 13 Mar 2003 09:57:17 -0800

To: bugtraq () securityfocus com announce () lists caldera com scoannmod () xenitec on ca

______________________________________________________________________________

                        SCO Security Advisory

Subject:                OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT 
CA-2003-07)
Advisory number:        CSSA-2003-SCO.6
Issue date:             2003 March 12
Cross reference:
______________________________________________________________________________


1. Problem Description

        From CA-2003-07: Researchers at Internet Security Systems
        (ISS) have discovered a remotely exploitable vulnerability
        in sendmail. This vulnerability could allow an intruder to
        gain control of a vulnerable sendmail server.


2. Vulnerable Supported Versions

        System                          Vulnerable Versions
        ----------------------------------------------------------------------
        OpenServer 5.0.5                previous to sendmail 8.11.0a
        OpenServer 5.0.6                previous to sendmail 8.11.0a
        OpenServer 5.0.7                previous to sendmail 8.11.0a


3. Solution

        The proper solution is to install the latest packages.


4. OpenServer 5.0.5

        4.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


        4.2 Verification

        MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the sendmail.506.tar file to the /tmp directory
           (OpenServer 5.0.5 uses the 5.0.6 tar image)

        2) Extract the files from the tar archive:
                cd /tmp; tar xvf sendmail.506.tar

        3) Run the custom command, specify an install from media
           images, and specify the /tmp directory as the location of
           the images.


5. OpenServer 5.0.6

        5.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


        5.2 Verification

        MD5 (sendmail.506.tar) = da105d0a82313ed19bc10b515467e93f

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        5.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the sendmail.506.tar file to the /tmp directory

        2) Extract the files from the tar archive:
                cd /tmp; tar xvf sendmail.506.tar

        3) Run the custom command, specify an install from media
           images, and specify the /tmp directory as the location of
           the images.


6. OpenServer 5.0.7

        6.1 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6


        6.2 Verification

        MD5 (sendmail.507.tar) = 807f1fa8d15a3361a589119bfca18533

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        6.3 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1) Download the sendmail.507.tar file to the /tmp directory

        2) Extract the files from the tar archive:
                cd /tmp; tar xvf sendmail.507.tar

        3) Run the custom command, specify an install from media
           images, and specify the /tmp directory as the location of
           the images.


7. References

        Specific references for this advisory:

                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
                http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
                http://www.cert.org/advisories/CA-2003-07.html
                http://www.kb.cert.org/vuls/id/398025
                http://www.sendmail.org/8.12.8.html

        SCO security resources:

                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr875284, fz527484,
        erg712247.


8. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


9. Acknowledgements

        Internet Security Systems, Inc. discovered and researched
        this vulnerability.

______________________________________________________________________________

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Security Update: [CSSA-2003-SCO.6] OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : remote buffer overflow in sendmail (CERT CA-2003-07) security (Mar 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]