__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN Red Hat Updated Sendmail packages fix vulnerability [Red Hat Security Advisory RHSA-2003:265-05] August 28, 2003 17:00 GMT Number N-138 ______________________________________________________________________________ PROBLEM: A vunlerability in the handling of DNS maps has been identified. PLATFORM: Red Hat Linux 8, 9 DAMAGE: A remote attacker can exploit the vulnerability in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9 to crash the instance of Sendmail dealing with the request. SOLUTION: Apply patches as stated in Red Hat's Notification. ______________________________________________________________________________ VULNERABILITY The risk is LOW. Red Hat believes that the nature of this ASSESSMENT: vulnerability would make remote exploitation of this issue difficult, if at all possible. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/n-138.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2003-265.html ______________________________________________________________________________ [***** Start Red Hat Security Advisory RHSA-2003:265-05 *****] Updated Sendmail packages fix vulnerability. Advisory: RHSA-2003:265-05 Last updated on: 2003-08-28 Affected Products: Red Hat Linux 8.0 Red Hat Linux 9 CVEs (cve.mitre.org): CAN-2003-0688 Security Advisory Details: Updated Sendmail packages are available to fix a vulnerability in the handling of DNS maps. Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Linux distributions. A bug has been discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker can exploit this issue to crash the instance of Sendmail dealing with the request. We believe that the nature of the bug would make remote exploitation of this issue difficult, if at all possible. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0688 to this issue. Red Hat Linux 8.0 and 9 include versions of Sendmail vulnerable to this issue, however it only affects sites that use DNS maps through the "enhdnsbl" feature. Sendmail users that have enabled DNS maps are advised to update to the packages contained within this erratum which include a backported patch to correct this vulnerability. Red Hat would like to thank the Sendmail security team for notifying us of this issue. Updated packages: Red Hat Linux 8.0 ------------------------------------------------------------------------------ SRPMS: sendmail-8.12.8-6.80.src.rpm [ via FTP ] [ via HTTP ] ac5560196623e14a9b13c6762ca5ca16 i386: sendmail-8.12.8-6.80.i386.rpm [ via FTP ] [ via HTTP ] 44a2c0236d7ddab1e78f516a77e0ada7 sendmail-cf-8.12.8-6.80.i386.rpm [ via FTP ] [ via HTTP ] e747860a6f3be7656b8825e2347fb630 sendmail-devel-8.12.8-6.80.i386.rpm [ via FTP ] [ via HTTP ] 2468060ef217ed6744ada284f71e43f9 sendmail-doc-8.12.8-6.80.i386.rpm [ via FTP ] [ via HTTP ] e47b1bb2393e310e70d0ea1a6aa825a5 Red Hat Linux 9 ------------------------------------------------------------------------------ SRPMS: sendmail-8.12.8-6.90.src.rpm [ via FTP ] [ via HTTP ] 2e798f9d4b87a136fd4e2b0800635551 i386: sendmail-8.12.8-6.90.i386.rpm [ via FTP ] [ via HTTP ] b449795ddf270ad3e7f5e0b1d3cdd7e4 sendmail-cf-8.12.8-6.90.i386.rpm [ via FTP ] [ via HTTP ] bc273f94312c562f4ed4eeac32282208 sendmail-devel-8.12.8-6.90.i386.rpm [ via FTP ] [ via HTTP ] 95ee5dff8fb357dab99a5d30d6e5704e sendmail-doc-8.12.8-6.90.i386.rpm [ via FTP ] [ via HTTP ] ee6a858f44090dfd8aadb797a0135ace Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Bugs fixed: (see bugzilla for more information) 103068 - CAN-2003-0688 sendmail remote random free() References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0688 http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/54367 [***** End Red Hat Security Advisory RHSA-2003:265-05 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) N-128: Oracle Buffer Overflow in E-Business Suite N-129: Oracle Unauthorized Disclosure of Information in E-Business Suite N-130: SGI IRIX nsd Server AUTH_UNIX gid list Vulnerability N-131: Sun Solaris Runtime Linker ld.so.1(1) Vulnerability N-132: Red Hat wu-ftpd Buffer Overflow Vulnerability N-133: Blaster Worm (aka: W32.Blaster, MSBlast, Lovsan, Win32.Poza) N-134: Sun cachefs Patches May Overwrite inetd.conf File N-135: Microsoft Cumulative Patch for Internet Explorer N-136: Microsoft Unchecked Buffer in MDAC Function Vulnerability N-137: Red Hat Updated pam_smb packages fix remote buffer overflow