Just in case this got by any COL users..........

Begin forwarded message:

Date: Sat, 25 Aug 2001 14:42:12 +0200
From: "Tom Beer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Fw: Security Update [CSSA-2001-032.0] Linux - sendmail instant root exploit

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ______________________________________________________________________________
> Caldera International, Inc. Security Advisory
>
> Subject: Linux - sendmail instant root exploit
> Advisory number: CSSA-2001-032.0
> Issue date: 2001, August 24
> Cross reference:
> ______________________________________________________________________________
>
>
> 1. Problem Description
>
>    Sendmail contains an input validation error, so local users may be
>    able to write arbitrary data to process memory, possibly allowing the
>    execution of code/commands with elevated privileges. This allows
>    a local attacker to gain access to the root account.
>
>
> 2. Vulnerable Versions
>
>    System                       Package
>    -----------------------------------------------------------
>    OpenLinux 2.3                not vulnerable
>
>    OpenLinux eServer 2.3.1      not vulnerable
>    and OpenLinux eBuilder
>
>    OpenLinux eDesktop 2.4       not vulnerable
>
>    OpenLinux Server 3.1         All packages previous to
>                                 sendmail-8.11.1-4
>
>    OpenLinux Workstation 3.1    All packages previous to
>                                 sendmail-8.11.1-4
>
> 3. Solution
>
>    Workaround
>
>      none
>
>    The proper solution is to upgrade to the latest packages.
>
> 4. OpenLinux 2.3
>
>    not vulnerable
>
> 5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential 3.0
>
>    not vulnerable
>
> 6. OpenLinux eDesktop 2.4
>
>    not vulnerable
>
> 7. OpenLinux 3.1 Server
>
>    7.1 Location of Fixed Packages
>
>        The upgrade packages can be found on Caldera's FTP site at:
>
>        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
>
>        The corresponding source code package can be found at:
>
>        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS
>
>    7.2 Verification
>
>        b4fda9679325022adda547f1b3fae8dc RPMS/sendmail-8.11.1-4.i386.rpm
>        f3eaef00ae6a7cb30635baf6ad13325a RPMS/sendmail-cf-8.11.1-4.i386.rpm
>        1f17f7fa698748eb5bc6e55951948451 RPMS/sendmail-doc-8.11.1-4.i386.rpm
>        c3f6af83c406174b325aa28af45c51ae SRPMS/sendmail-8.11.1-4.src.rpm
>
>
>    7.3 Installing Fixed Packages
>
>        Upgrade the affected packages with the following commands:
>
>        rpm -Fvh sendmail-8.11.1-4.i386.rpm \
>            sendmail-cf-8.11.1-4.i386.rpm \
>            sendmail-doc-8.11.1-4.i386.rpm
>
>
> 8. OpenLinux 3.1 Workstation
>
>    8.1 Location of Fixed Packages
>
>        The upgrade packages can be found on Caldera's FTP site at:
>
>        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/RPMS
>
>        The corresponding source code package can be found at:
>
>        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/current/SRPMS
>
>    8.2 Verification
>
>        b4fda9679325022adda547f1b3fae8dc RPMS/sendmail-8.11.1-4.i386.rpm
>        f3eaef00ae6a7cb30635baf6ad13325a RPMS/sendmail-cf-8.11.1-4.i386.rpm
>        1f17f7fa698748eb5bc6e55951948451 RPMS/sendmail-doc-8.11.1-4.i386.rpm
>        c3f6af83c406174b325aa28af45c51ae SRPMS/sendmail-8.11.1-4.src.rpm
>
>
>    8.3 Installing Fixed Packages
>
>        Upgrade the affected packages with the following commands:
>
>        rpm -Fvh sendmail-8.11.1-4.i386.rpm \
>            sendmail-cf-8.11.1-4.i386.rpm \
>            sendmail-doc-8.11.1-4.i386.rpm
>
> 9. References
>
>    This and other Caldera security resources are located at:
>
>    http://www.caldera.com/support/security/index.html
>
>    This security fix closes Caldera's internal Problem Report 10420.
>
>
> 10. Acknowledgements
>
>    Caldera International wishes to thank Cade Cairns of SecurityFocus for
>    spotting and reporting this bug.
>
> 11. Disclaimer
>
>    Caldera International, Inc. is not responsible for the misuse of
>    any of the information we provide on this website and/or through our
>    security advisories. Our advisories are a service to our customers
>    intended to promote secure installation and use of Caldera OpenLinux.

--
"Always remember, I have taken more out of alcohol than alcohol has taken out of me." --Winston Churchill
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc ->http://linux.nf/mailman/listinfo/linux-users
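
The verification and install steps in sections 7.2/7.3 and 8.2/8.3 of the advisory above, as an added example (not part of the original message and not Caldera's own tooling): a POSIX shell helper that checks downloaded packages against the advisory's MD5 list before the `rpm -Fvh` step. The function name `verify_advisory_sums` and its variable names are assumptions, and it relies on `md5sum` being installed.

```shell
#!/bin/sh
# Checksum list copied from sections 7.2 / 8.2 of the advisory (both identical).
ADVISORY_SUMS='b4fda9679325022adda547f1b3fae8dc RPMS/sendmail-8.11.1-4.i386.rpm
f3eaef00ae6a7cb30635baf6ad13325a RPMS/sendmail-cf-8.11.1-4.i386.rpm
1f17f7fa698748eb5bc6e55951948451 RPMS/sendmail-doc-8.11.1-4.i386.rpm
c3f6af83c406174b325aa28af45c51ae SRPMS/sendmail-8.11.1-4.src.rpm'

# verify_advisory_sums DIR [MANIFEST]   (hypothetical helper, added example)
# MANIFEST holds "<md5> <path>" lines and may be pasted straight from the
# e-mail: leading "> " quoting and non-checksum lines are ignored.
# Returns 0 only if at least one entry was checked and every listed file
# exists under DIR with a matching MD5. Pass a trimmed MANIFEST to check
# only the binary packages.
verify_advisory_sums() {
    vas_dir=$1
    vas_manifest=${2:-$ADVISORY_SUMS}
    vas_rc=0
    vas_checked=0
    while read -r vas_want vas_path; do
        # Accept only "<32 lowercase hex digits> <path>" lines.
        case $vas_want in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#vas_want}" -eq 32 ] || continue
        [ -n "$vas_path" ] || continue
        vas_checked=$((vas_checked + 1))
        if [ ! -f "$vas_dir/$vas_path" ]; then
            echo "MISSING  $vas_path" >&2
            vas_rc=1
            continue
        fi
        vas_got=$(md5sum < "$vas_dir/$vas_path" | cut -d' ' -f1)
        if [ "$vas_got" = "$vas_want" ]; then
            echo "OK       $vas_path"
        else
            echo "MISMATCH $vas_path (got $vas_got)" >&2
            vas_rc=1
        fi
    done <<EOF
$(printf '%s\n' "$vas_manifest" | sed 's/^[> ]*//')
EOF
    # A manifest with no usable checksum lines must not count as success.
    [ "$vas_checked" -gt 0 ] || vas_rc=1
    return "$vas_rc"
}

# Typical use, gating the install command from section 7.3 on the result:
#   verify_advisory_sums ./current && (cd ./current/RPMS && rpm -Fvh sendmail-*.rpm)
```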