-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail Advisory number: SCOSA-2004.11 Issue date: 2004 July 28 Cross reference: sr876461 fz527630 erg712277 CAN-2003-0161 CA-2003-12 sr884730 fz528323 erg712435 CAN-2003-0694 CA-2003-25 ______________________________________________________________________________ 1. Problem Description CERT Advisory CA-2003-12 There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0161 to this issue. CERT Advisory CA-2003-25 The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0694 to this issue. 2. Vulnerable Supported Versions System Binaries ---------------------------------------------------------------------- OpenServer 5.0.6 Sendmail distribution OpenServer 5.0.7 Sendmail distribution 3. Solution The proper solution is to install the latest packages. 4. OpenServer 5.0.6 4.1 First install OSS646B or later - Execution Environment Supplement ftp://ftp.sco.com/pub/openserver5/oss646b 4.2 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11 4.3 Verification MD5 (VOL.000.000) = ff18b1666956ea57c9d54008c6ee9444 md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.4 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to a directory 2) Run the custom command, specify an install from media images, and specify the directory as the location of the images. 5. OpenServer 5.0.7 5.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11 The fixes are also available in SCO OpenServer Release 5.0.7 Maintenance Pack 3 or later. See http://www.sco.com/support/update/download/osr507list.html. 5.2 Verification MD5 (VOL.000.000) = ff18b1666956ea57c9d54008c6ee9444 MD5 (507mp3_vol.tar) = c927aefdd50b50aca5d29e08c1562aec md5 is available for download from ftp://ftp.sco.com/pub/security/tools 5.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to a directory 2) Run the custom command, specify an install from media images, and specify the directory as the location of the images. Or see the Maintenance Pack 3 Release and Installation Notes at ftp://ftp.sco.com/pub/openserver5/507/mp/mp3/osr507mp3.txt 6. References Specific references for this advisory: http://www.cert.org/advisories/CA-2003-12.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161 http://www.kb.cert.org/vuls/id/897604 http://www.cert.org/advisories/CA-2003-25.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694 http://www.kb.cert.org/vuls/id/784980 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr876461 fz527630 erg712277 sr884730 fz528323 erg712435. 7. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 8. Acknowledgments Michal Zalewski discovered and researched these issues. Thanks to Eric Allman, Claus Assmann, Greg Shapiro, and Dave Anderson of Sendmail ______________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (SCO/UNIX_SVR5) iD8DBQFBCAb4aqoBO7ipriERAsquAJ9NFvwPQpQmg0kRMbEnNX1pWrWPGACdGJld Wbk845/8qKPOvhdchD3oaHQ= =+V00 -----END PGP SIGNATURE-----