[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:36416] Forward: [SECURITY] [DSA-257-2] sendmail-wide remote exploit

From: Kenshi Muto <kmuto@xxxxxxxxxxxxxxx>
Subject: [debian-users:36416] Forward: [SECURITY] [DSA-257-2] sendmail-wide remote exploit
Date: Wed, 5 Mar 2003 08:17:48 +0900
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-level:
X-spam-status: No, hits=-3.8 required=10.0 tests=ISO2022JP_BODY,MAILTO_WITH_SUBJ,PGP_SIGNATURE, SIGNATURE_SHORT_SPARSE,SPAM_PHRASE_00_01 version=2.44
X-virus-scanned: by AMaViS new-20020517
References: <20030304221019.GA1373@xxxxxxxxx>
Message-id: <20030304231746.1B0555381F@xxxxxxxxxxxxxxxxxxxxxx>
X-mail-count: 36416
User-agent: Wanderlust/2.9.15 (Unchained Melody) SEMI/1.14.4 (Hosorogi) FLIM/1.14.4 (Kashiharajing�-mae) APEL/10.4 MULE XEmacs/21.4 (patch 12) (Portable Code) (i386-debian-linux)

先のsendmail DSAに続き、sendmail-wideも修正されたものがリリースされま
した。

--- Begin Message ---

From: Wichert Akkerman <wichert@xxxxxxxxx>
Subject: [SECURITY] [DSA-257-2] sendmail-wide remote exploit
Date: Tue, 4 Mar 2003 23:10:19 +0100
Content-disposition: inline
List-help: <mailto:debian-security-announce-request@lists.debian.org?subject=help>
List-post: <mailto:debian-security-announce@lists.debian.org>
List-subscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=subscribe>
List-unsubscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=unsubscribe>
Old-return-path: <wichert@xxxxxxxxx>
Priority: urgent
Resent-date: Tue, 4 Mar 2003 16:10:25 -0600 (CST)
Resent-from: debian-security-announce@lists.debian.org
Resent-message-id: <af-zND.A.oJC.PRSZ-@murphy>
Resent-sender: debian-security-announce-request@lists.debian.org
X-debian: PGP check passed for security officers
X-loop: debian-security-announce@lists.debian.org
X-mailing-list: <debian-security-announce@lists.debian.org>
X-original-to: kmuto@xxxxxxxxxxxxxxx
X-spam-checker-version: SpamAssassin 2.50 (1.173-2003-02-20-exp)
X-spam-level:
X-spam-status: No, hits=-112.7 required=10.0 tests=PGP_SIGNATURE,USER_AGENT_MUTT,USER_IN_WHITELIST,X_LOOP, X_MAILING_LIST autolearn=ham version=2.50
X-virus-scanned: by AMaViS new-20020517
Message-id: <20030304221019.GA1373@xxxxxxxxx>
User-agent: Mutt/1.5.3i

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-257-2                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
March  4, 2003
- ------------------------------------------------------------------------


Package        : sendmail-wide
Problem type   : remote exploit
Debian-specific: no

This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.

Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer when encountering addresses
specially crafted addresses.

This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package
for Debian GNU/Linux 3.0/woody.

- ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- ------------------------------------------------------------------------


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At
  this moment updates for the arm architecture are not yet available.


  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.dsc
      Size/MD5 checksum:      541 c93cca69438ee75976517187d4f8d664
    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.tar.gz
      Size/MD5 checksum:  1272761 2905292d7c17de5a1ae31d2ebf5c344c

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_alpha.deb
      Size/MD5 checksum:   302696 87b2cce86f430f8825439ecab1a405f8

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_i386.deb
      Size/MD5 checksum:   217618 7da2aeb124ff0da6a596b429a64415ab

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_m68k.deb
      Size/MD5 checksum:   202468 f66310eab0cca7ba0dcc6f55407a6359

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_powerpc.deb
      Size/MD5 checksum:   242646 7887c26fb5b701f56b9f4836e50f152d

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_sparc.deb
      Size/MD5 checksum:   236450 ef7e06fe112024b51a09857da19c7139


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. 


  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.dsc
      Size/MD5 checksum:      738 13e84b5fad4146ae8b09a3c53def1425
    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
      Size/MD5 checksum:  1870451 4c7036e8042bae10a90da4a84a717963
    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.diff.gz
      Size/MD5 checksum:   324768 d97da94eafadfb9c31dd7678fbb39c62

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_alpha.deb
      Size/MD5 checksum:   440346 481ec19be09824cb2394b990149396db

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_arm.deb
      Size/MD5 checksum:   369224 708693168ed3f0268fc9b346d4ffae13

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_hppa.deb
      Size/MD5 checksum:   413364 9bb9609e2f215e5f42e3c540563fc12e

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_i386.deb
      Size/MD5 checksum:   328606 c76a156b74928a1ba796a3a3b48d7423

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_ia64.deb
      Size/MD5 checksum:   574706 d1a2522112c46ff60d1cbaefdb49e2d7

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_m68k.deb
      Size/MD5 checksum:   300600 6688599f9af8d95b174916283b28289b

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mips.deb
      Size/MD5 checksum:   378150 facb8c33943fa62c88713021a351e79c

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mipsel.deb
      Size/MD5 checksum:   380108 867a14a01572fb747d81932b7106a429

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_powerpc.deb
      Size/MD5 checksum:   362674 5380a764a53eca533a709ad631fba0d8

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_s390.deb
      Size/MD5 checksum:   354562 6a21b7f3ced620789e35df583d6411fd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_sparc.deb
      Size/MD5 checksum:   355768 36c642bd24104fb94f33a8680af0058b

- -- 
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ZSRGPLiSUC+jvC0RAkkMAJ9IMxK9Ri7SVLXMTSUzYAd4pNsXOACaAqzI
ksEFST4goCzXUEQ2R6OSRs0=
=ZLN4
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--- End Message ---

Follow-Ups:
- [debian-users:36421] sendmail-wide still needed? (Re: Forward: [SECURITY] [DSA-257-2] sendmail-wide remote exploit)
  - From: Fumitoshi UKAI

Prev by Date: [debian-users:36415] Re: sendmail
Next by Date: [debian-users:36417] Re: sendmail
Previous by thread: [debian-users:36414] Re: 反応がないBTSの場合
Next by thread: [debian-users:36421] sendmail-wide still needed? (Re: Forward: [SECURITY] [DSA-257-2] sendmail-wide remote exploit)
Index(es):
- Date
- Thread