OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   30-Mar-2003 14:08:52
  Branch: HEAD                             Handle: 2003033013085100

  Modified files:
    openpkg-web/security    OpenPKG-SA-2003.027-sendmail.txt

  Log:
    final polishing and signing

  Summary:
    Revision    Changes     Path
    1.5         +16 -5      openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt
============================================================================
$ cvs diff -u -r1.4 -r1.5 OpenPKG-SA-2003.027-sendmail.txt
--- openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt 30 Mar 2003 11:48:15
-0000 1.4
+++ openpkg-web/security/OpenPKG-SA-2003.027-sendmail.txt 30 Mar 2003 12:08:51
-0000 1.5
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
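Review bot: the clearsign header added at the top of the file declares "Hash: SHA1", and SHA-1 is no longer considered collision resistant, so a re-issue of this advisory should be signed with a stronger digest such as SHA-256. Because the signature wrapper now lives inline in the tracked file, any later edit to the body requires stripping the wrapper and re-signing; the log message "final polishing and signing" folds the wording change and the signing into one revision, which makes the text change harder to review on its own.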
@@ -21,11 +24,12 @@
Michal Zalewski discovered [1] a confirmed [2] buffer overflow
vulnerability in all version of the Sendmail [0] MTA earlier than
8.12.9. The mail address parser performs insufficient bounds checking
- in certain conditions due to a data type conversion, making it
- possible for an attacker to take control of the application. Attackers
- may remotely exploit this vulnerability to gain "root" access of any
- vulnerable Sendmail server. The Common Vulnerabilities and Exposures
- (CVE) project assigned the id CAN-2003-0161 [3] to the problem.
+ in certain conditions due to a "char" to "int" data type conversion,
+ making it possible for an attacker to take control of the application.
+ Attackers may remotely exploit this vulnerability to gain "root"
+ access of any vulnerable Sendmail server. The Common Vulnerabilities
+ and Exposures (CVE) project assigned the id CAN-2003-0161 [3] to the
+ problem.
Please check whether you are affected by running "<prefix>/bin/rpm
-q sendmail". If you have the "sendmail" package installed and its
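Review bot: the unchanged first sentence of this paragraph still reads "all version of the Sendmail [0] MTA earlier than 8.12.9"; it should be "all versions", and "gain "root" access of" in the re-wrapped lines reads better as "access to". Since this same revision adds the PGP signature, these wording fixes need to land before signing, otherwise the signature has to be regenerated. The added phrase "char" to "int" names the conversion but not why it defeats the bounds check; one clause explaining that would make the description more useful to readers triaging the issue.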
@@ -72,3 +76,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQE+ht49gHWT4GPEy58RAq2UAJ44k457X1fl2F4tZ2sdwq5nc+fmPgCffGVw
+LwFN03HvcfBeu6v2+KBl6OY=
+=Mm4+
+-----END PGP SIGNATURE-----
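Review bot: the "Comment: OpenPKG <...>" line in the added signature armor is an armor header, which is not covered by the signature, so it does not authenticate who signed the advisory. Readers should identify the signer from the key that verifies, and the pointer in the context line above ("for details on how to verify the integrity of this advisory") should lead to the signing key's fingerprint inside the signed body; if it does not, add it there rather than relying on the Comment header.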
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]