Sendmail mail header processing buffer overflow

sendmail-header-processing-bo (10748) The risk level is classified as High Risk

Description:

Sendmail is vulnerable to a static buffer overflow in the code that processes mail header fields. By sending an email with a specially-crafted "From", "To", or "CC" header field, a remote attacker could bypass the "skipping" mode email header check and overflow a buffer to gain root access to the affected system.


Consequences:

Gain Access

Remedy:

For vulnerability detection:

Enable the following checks in the ISS Protection Platform:
sendmail-header-processing-bo

For Virtual Patch:

Enable the following checks in the ISS Protection Platform:
SMTP_Sendmail_Header_Parse_Overflow

Block or restrict the following in the ISS Protection Platform as appropriate to the environment:
Port 25

For Manual Protection:

Upgrade to the latest version of Sendmail (8.12.8 or later), or apply the appropriate patch for your system, available from the Sendmail Web site. See References.

For SGI IRIX:
Upgrade to the latest version of IRIX (6.5.20 or later), or apply the appropriate patch for your system, as listed in SGI Security Advisory 20030301-01-P. See References.

For Red Hat Linux:
Upgrade to the latest sendmail package, as listed below. Refer to RHSA-2003:073-06 for more information. See References.

Red Hat 6.2: 8.11.6-1.62.2 or later
Red Hat 7.0: 8.11.6-23.70 or later
Red Hat 7.1: 8.11.6-23.71 or later
Red Hat 7.2: 8.11.6-23.72 or later
Red Hat 7.3: 8.11.6-23.73 or later
Red Hat 8.0: 8.12.8-1.80 or later
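A triage helper, added here as an example and not part of the X-Force entry or of Sendmail itself: it reads the upstream version out of an SMTP 220 greeting and compares it against the 8.12.8 fix, and separately compares an rpm-style version-release against the Red Hat package table above, since vendor builds backport the fix and an "8.11.6" package can already be patched. The greeting format and the sample strings are constructed assumptions; the SMTP banner is configurable, so a missing or older version string is a prompt to check the host's package, not proof either way.

```python
import re
from typing import Optional, Tuple

# Upstream release that carries the fix, as stated in the advisory.
UPSTREAM_FIXED = "8.12.8"

# Red Hat packages from the advisory's table (version-release). Vendors
# backport fixes, so an 8.11.6 package at or past these releases is patched.
REDHAT_FIXED = {
    "6.2": "8.11.6-1.62.2",
    "7.0": "8.11.6-23.70",
    "7.1": "8.11.6-23.71",
    "7.2": "8.11.6-23.72",
    "7.3": "8.11.6-23.73",
    "8.0": "8.12.8-1.80",
}

# Assumed greeting shape: "220 host ESMTP Sendmail 8.12.7/8.12.7; date"
_BANNER_RE = re.compile(r"\bSendmail (\d+(?:\.\d+)+)")


def version_key(version: str) -> Tuple[Tuple[int, object], ...]:
    """Turn '8.11.6-23.73' into a tuple that compares segment by segment.

    Numeric segments compare as integers; any non-numeric segment sorts
    before a numeric one so mixed values never raise a TypeError.
    """
    parts = re.split(r"[.\-]", version.strip())
    return tuple((1, int(p)) if p.isdigit() else (0, p) for p in parts)


def parse_banner_version(banner: str) -> Optional[str]:
    """Extract the upstream version from a 220 greeting; None if absent."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


def upstream_vulnerable(version: str) -> bool:
    """True when a stock Sendmail build is older than the fixed release."""
    return version_key(version) < version_key(UPSTREAM_FIXED)


def redhat_package_vulnerable(release: str, package_version: str) -> bool:
    """Compare an 'rpm -q'-style version-release against the advisory table."""
    fixed = REDHAT_FIXED.get(release)
    if fixed is None:
        raise ValueError(f"no fixed package listed for Red Hat {release}")
    return version_key(package_version) < version_key(fixed)


if __name__ == "__main__":
    # Constructed sample greeting, not a capture from a real host.
    sample = "220 mx.example.test ESMTP Sendmail 8.12.7/8.12.7; Mon, 3 Mar 2003"
    v = parse_banner_version(sample)
    print(f"banner version {v}: upstream vulnerable = {upstream_vulnerable(v)}")
    print("RH 7.3 sendmail-8.11.6-15 vulnerable =",
          redhat_package_vulnerable("7.3", "8.11.6-15"))
```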

For FreeBSD:
Upgrade to the latest version of FreeBSD (4-STABLE or later), or to the RELENG_5_0, RELENG_4_7, or RELENG_4_6 security branch dated after 2003-03-03, as listed in FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail .smrsh. See References.

For Mandrake Linux:
Upgrade to the latest sendmail package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:028 for more information. See References.

Linux-Mandrake 7.2: 8.11.0-4.2mdk or later
Mandrake Linux 8.0 and 8.1: 8.11.6-4.4mdk or later
Mandrake Linux 8.2: 8.12.1-4.2mdk or later
Mandrake Linux 9.0 and Corporate Server 2.1: 8.12.6-3.2mdk or later

For Conectiva Linux:
Upgrade to the latest sendmail package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:571 for more information. See References.

Conectiva Linux 6.0: 8.11.6-1U60_3cl or later
Conectiva Linux 7.0: 8.11.6-1U70_3cl or later
Conectiva Linux 8.0: 8.11.6-2U80_3cl or later

For SuSE Linux:
Upgrade to the latest sendmail package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2003:013 for more information. See References.

SuSE Linux 8.1 (Intel): 8.12.6-91 or later
SuSE Linux 8.0 (Intel): 8.12.3-72 or later
SuSE Linux 7.3 (Intel): 8.11.6-162 or later
SuSE Linux 7.3 (Sparc): 8.11.6-63 or later
SuSE Linux 7.3 (PPC): 8.11.6-120 or later
SuSE Linux 7.2 (Intel): 8.11.3-106 or later
SuSE Linux 7.1 (Intel): 8.11.2-44 or later
SuSE Linux 7.1 (AXP): 8.11.2-30 or later
SuSE Linux 7.1 (PPC): 8.11.2-33 or later

For Debian GNU/Linux:
Upgrade to the latest sendmail package, as listed below. Refer to DSA-257-1 for more information. See References.

Debian GNU/Linux 2.2 (potato): 8.9.3-25 or later
Debian GNU/Linux 3.0 (woody): 8.12.3-5 or later

For Gentoo Linux:
Upgrade to the latest version of sendmail (8.12.8 or later), as listed in Gentoo Linux Security Announcement 200303-4. See References.

For NetBSD-current:
Upgrade to the latest version of NetBSD-current (dated 2003-03-04 or later), as listed in NetBSD Security Advisory 2003-002. See References.

For NetBSD 1.6:
Upgrade to the latest version of NetBSD 1.6 (dated 2003-03-04 or later), as listed in NetBSD Security Advisory 2003-002. See References.

For NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3:
Upgrade to the latest version of the NetBSD 1.5 branch (dated 2003-03-04 or later), as listed in NetBSD Security Advisory 2003-002. See References.

For Apple Mac OS X:
Apply the Mac OS X Server Update 10.2.4, as listed in AppleCare Knowledge Base Document 120195. See References.

For HP Tru64 UNIX:
Apply the appropriate Early Release Patches (ERPs) for your system, as listed in the Hewlett-Packard Company Security Bulletin HPSBUX0302-246. See References.

For HP AlphaServer SC (Sierra Cluster):
Contact Hewlett-Packard Support for information on obtaining Early Release Patches (ERPs) for your system. Refer to Hewlett-Packard Company Security Bulletin HPSBUX0302-246 for more information. See References.

For HP-UX:
Download and install the appropriate sendmail file for your system, as listed below. Refer to Hewlett-Packard Company Security Bulletin HPSBUX0302-246 for more information. See References.

HP-UX 10.10: follow the instructions listed in the advisory
HP-UX 10.20: PHNE_28760
HP-UX 11.00: PHNE_28809 and install the Web upgrade
HP-UX 11.04: PHNE_29526
HP-UX 11.11: PHNE_28810 and install the Web upgrade
HP-UX 11.22: PHNE_28409

For IBM AIX:
Apply the appropriate APAR for your system, as listed below. Refer to IBM SECURITY ADVISORY Fri Feb 21 11:00:00 CST 2003 for more information. See References.

AIX 5.2.0: IY40502
AIX 5.1.0: IY40501
AIX 4.3.3: IY40500

For OpenPKG:
Upgrade to the latest sendmail package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2003.016 for more information. See References.

OpenPKG CURRENT: 8.12.8-20030304 or later
OpenPKG 1.2: 8.12.7-1.2.1 or later

For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 51181 for more information. See References.

SPARC:
Solaris 2.6: 105395-08 or later
Solaris 7: 107684-08 or later
Solaris 8: 110615-08 or later
Solaris 9: 113575-03 or later

x86:
Solaris 2.6: 105396-08 or later
Solaris 7: 107685-08 or later
Solaris 8: 110616-08 or later
Solaris 9: 114137-02 or later

For Caldera UnixWare 7.1.1, 7.1.3, and OpenUnix 8.0.0:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory CSSA-2003-SCO.5. See References.

For Caldera OpenServer 5.0.5, 5.0.6 and 5.0.7:
Upgrade to the latest sendmail packages (8.11.0a or later), as listed in Caldera International, Inc. Security Advisory CSSA-2003-SCO.6. See References.

For Sun Linux 5.0, Sun Cobalt RaQ 3, Sun Cobalt RaQ 4, Sun Cobalt RaQ XTR, Sun Cobalt Qube 3 and Sun Cobalt RaQ 550:
Apply the appropriate temporary patch for your system. Refer to Sun Alert ID: 51400 for more information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Platforms Affected:

  • Compaq Tru64 4.0f
  • Compaq Tru64 4.0g
  • Compaq Tru64 5.0a
  • Compaq Tru64 5.1
  • Compaq Tru64 5.1a
  • Compaq Tru64 5.1b
  • Conectiva Linux 6.0
  • Conectiva Linux 7.0
  • Conectiva Linux 8.0
  • Debian Debian Linux 2.0
  • Debian Debian Linux 2.2
  • Debian Debian Linux 3.0
  • FreeBSD FreeBSD 4.0
  • FreeBSD FreeBSD 4.1
  • FreeBSD FreeBSD 4.1.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 4.3
  • FreeBSD FreeBSD 4.4
  • FreeBSD FreeBSD 4.5
  • FreeBSD FreeBSD 4.6
  • FreeBSD FreeBSD 4.6.1
  • FreeBSD FreeBSD 4.6.2
  • FreeBSD FreeBSD 4.7
  • Gentoo Linux
  • HP AlphaServer SC 2.5
  • HP HP-UX 10.20
  • HP HP-UX 11.00
  • HP HP-UX 11.04
  • HP HP-UX 11.11
  • HP HP-UX 11.22
  • IBM AIX 4.3
  • IBM AIX 5.1
  • IBM AIX 5.2
  • MandrakeSoft Mandrake Linux 7.2
  • MandrakeSoft Mandrake Linux 8.0 PPC
  • MandrakeSoft Mandrake Linux 8.0
  • MandrakeSoft Mandrake Linux 8.1 IA64
  • MandrakeSoft Mandrake Linux 8.1
  • MandrakeSoft Mandrake Linux 8.2 PPC
  • MandrakeSoft Mandrake Linux 8.2
  • MandrakeSoft Mandrake Linux 9.0
  • MandrakeSoft Mandrake Linux Corporate Server 1.0.1
  • MandrakeSoft Mandrake Linux Corporate Server 2.1
  • NetBSD NetBSD 1.5
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5.2
  • NetBSD NetBSD 1.5.3
  • NetBSD NetBSD 1.6
  • NetBSD NetBSD CURRENT
  • Novell SuSE Linux Enterprise Server 7.0
  • OpenPKG OpenPKG 1.1
  • OpenPKG OpenPKG 1.2
  • OpenPKG OpenPKG CURRENT
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Linux 6.2
  • RedHat Linux 7
  • RedHat Linux 7.1
  • RedHat Linux 7.1 for iSeries
  • RedHat Linux 7.1 for pSeries
  • RedHat Linux 7.2
  • RedHat Linux 7.3
  • RedHat Linux 8.0
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • SCO Caldera OpenLinux Server 3.1
  • SCO Caldera OpenLinux Server 3.1.1
  • SCO Caldera OpenLinux Workstation 3.1
  • SCO Caldera OpenLinux Workstation 3.1.1
  • SCO Caldera OpenServer 5.0.5
  • SCO Caldera OpenServer 5.0.6
  • SCO Caldera OpenServer 5.0.7
  • SCO Caldera OpenUnix 8.0.0
  • SCO Caldera UnixWare 7.1.1
  • SCO Caldera UnixWare 7.1.3
  • Sendmail Sendmail 5.79
  • Sendmail Sendmail 8.10
  • Sendmail Sendmail 8.10.1
  • Sendmail Sendmail 8.10.2
  • Sendmail Sendmail 8.11
  • Sendmail Sendmail 8.11.1
  • Sendmail Sendmail 8.11.2
  • Sendmail Sendmail 8.11.3
  • Sendmail Sendmail 8.11.4
  • Sendmail Sendmail 8.11.5
  • Sendmail Sendmail 8.11.6
  • Sendmail Sendmail 8.12 Beta5
  • Sendmail Sendmail 8.12 Beta10
  • Sendmail Sendmail 8.12 Beta12
  • Sendmail Sendmail 8.12 Beta16
  • Sendmail Sendmail 8.12 Beta7
  • Sendmail Sendmail 8.12.0
  • Sendmail Sendmail 8.12.1
  • Sendmail Sendmail 8.12.2
  • Sendmail Sendmail 8.12.3
  • Sendmail Sendmail 8.12.4
  • Sendmail Sendmail 8.12.5
  • Sendmail Sendmail 8.12.6
  • Sendmail Sendmail 8.12.7
  • Sendmail Sendmail 8.8
  • Sendmail Sendmail 8.8.1
  • Sendmail Sendmail 8.8.2
  • Sendmail Sendmail 8.8.3
  • Sendmail Sendmail 8.8.4
  • Sendmail Sendmail 8.8.5
  • Sendmail Sendmail 8.8.8
  • Sendmail Sendmail 8.9.0
  • Sendmail Sendmail 8.9.1
  • Sendmail Sendmail 8.9.2
  • Sendmail Sendmail 8.9.3
  • SGI IRIX 6.5.19
  • Sun Cobalt CacheRaQ 3
  • Sun Cobalt CacheRaQ 4
  • Sun Cobalt Qube 3
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Linux 5.0
  • Sun Solaris 2.6
  • Sun Solaris 7.0
  • Sun Solaris 8
  • Sun Solaris 9
  • SuSE Linux Enterprise Server 8
  • SUSE SuSE Linux 7.1
  • SUSE SuSE Linux 7.2
  • SUSE SuSE Linux 7.3
  • SUSE SuSE Linux 8.0
  • SUSE SuSE Linux 8.1
  • SuSE SuSE Linux Connectivity Server
  • SuSE SuSE Linux Database Server
  • SuSE SuSE Linux Firewall
  • SuSE SuSE Linux Office Server

Reported:

Mar 03, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com