| 枫林在线论坛精华区>>信息安全 |
| [101903] 主题: [SECURITY]New sendmail packages fix buffer overflows |
| 作者: guaiguai520. (guaiguai520.) | ||
| 标题: [SECURITY]New sendmail packages fix buffer overflows[转载] | ||
| 来自: 202.112.*.* | ||
| 发贴时间: 2003年09月19日 08:26:11 | ||
| 长度: 10322字 | ||
|
发信人:guaiguai520@smth.org (乖乖),信区:cn.bbs.comp.security 标 题:[SECURITY]New sendmail packages fix buffer overflows 发信站:BBS 水木清华站 转信站:LeafOK!news.zixia.net!maily.cic.tsinghua.edu.cn!SMTH ----- Original Message ----- From: "Matt Zimmerman" <mdz@debian.org> To: <bugtraq@securityfocus.com> Sent: Thursday, September 18, 2003 10:19 AM Subject: [SECURITY] [DSA-384-1] New sendmail packages fix buffer overflows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------- --------- --- Debian Security Advisory DSA 384-1 security@ debian.org http://www.debian.org/security/ Matt Zimmerman September 17th, 2003 http://www.debian.org/se curity/faq - -------------------------------------------------------------- --------- --- Package : sendmail Vulnerability : buffer overflows Problem-Type : remote Debian-specific: no CVE Ids : CAN-2003-0681 CAN-2003-0694 Two vulnerabilities were reported in sendmail. - CAN-2003-0681 A "potential buffer overflow in ruleset parsing" fo r Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2) , final, or (3) mailer-specific envelope recipients, has unknow n consequences. - CAN-2003-0694 The prescan function in Sendmail 8.12.9 allows remote attacker s to execute arbitrary code via buffer overflow attacks, as demonst rated using the parseaddr function in parseaddr.c. For the stable distribution (woody) these problems have been fix ed in sendmail version 8.12.3-6.6 and sendmail-wide version 8.12.3+3.5Wbeta-5.5. For the unstable distribution (sid) these problems have been fix ed in sendmail version 8.12.10-1. We recommend that you update your sendmail package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6.dsc Size/MD5 checksum: 751 a7d0da0bedbe35592233cb9ce710f5 51 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6.diff.gz Size/MD5 checksum: 255026 5a86a93275a55af8c92677469c4a8c d3 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3.orig.tar.gz Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff 4d http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5.dsc Size/MD5 checksum: 738 cc23a68bcf23332d560086c3c55cd1 6a http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5.diff.gz Size/MD5 checksum: 327218 7f2fc2d0efe7935713b2d77dec6635 9c http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta.orig.tar.gz Size/MD5 checksum: 1870451 4c7036e8042bae10a90da4a84a7179 63 Architecture independent components: http://security.debian.org/pool/updates/main/s/sendmail/send mail-doc_8 .12.3-6.6_all.deb Size/MD5 checksum: 747778 9c4362147654d4f28d8346fa4ad84e d0 Alpha architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_alpha.deb Size/MD5 checksum: 267842 4f53274558b9e29ca341721a68fb4a dc http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_alpha.deb Size/MD5 checksum: 1109340 78cb6eb6b340e5dc52982889532a84 4a http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_alpha.deb Size/MD5 checksum: 440712 b22b97caba3652ef2a7d9f35633e30 40 ARM architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_arm.deb Size/MD5 checksum: 247568 ac8f0778eb56f7c0a852fdc54ef071 b1 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_arm.deb Size/MD5 checksum: 979454 6b9898686e6361abe657c5fd75d962 c5 http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_arm.deb Size/MD5 checksum: 369568 3baf5caa46b2c9d0b67c6d60f47d80 30 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_i386.deb Size/MD5 checksum: 237374 0662e6e9bb58db37a1d8f511e4ba2f ce http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_i386.deb Size/MD5 checksum: 917848 3717265bb7ed3f5bd81fb9a712826c ec http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_i386.deb Size/MD5 checksum: 328914 23af5c312cef6a53f000f4663980b1 1d Intel IA-64 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_ia64.deb Size/MD5 checksum: 282028 a35b9ca4cfc7a1c1ec6bdb1f2e00d8 bb http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_ia64.deb Size/MD5 checksum: 1332734 9f4ae78c3aa4644366e7e3f4bb7870 96 http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_ia64.deb Size/MD5 checksum: 575024 9e4283bf8427361959efc71fa10b47 db HP Precision architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_hppa.deb Size/MD5 checksum: 261692 a91642fb4a90687c7d318342cac40b 81 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_hppa.deb Size/MD5 checksum: 1081070 f8359f91edc1a1587de9ef3fee05e4 8a http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_hppa.deb Size/MD5 checksum: 413758 f7ebfefbe7bc3a212a0233531969d6 ce Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_m68k.deb Size/MD5 checksum: 231156 5a6f6c5597d65c625a8f93bca3ba91 c7 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_m68k.deb Size/MD5 checksum: 865868 3f8e05c30f67a10b3148868b884b18 1a http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_m68k.deb Size/MD5 checksum: 300824 fcfe51748953a3cbec6b67ec6b59c8 15 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_mips.deb Size/MD5 checksum: 255192 f6e277fc5dd3aad2471224cd5a93d8 b2 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_mips.deb Size/MD5 checksum: 1022140 9ffa270d18fcff47eb50a379abf834 23 http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_mips.deb Size/MD5 checksum: 378446 3eb569322bf2ca44efad2e619ac60e 09 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_mipsel.deb Size/MD5 checksum: 254886 1671ae782111b31689db3cdcc8a685 ca http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_mipsel.deb Size/MD5 checksum: 1022564 2c6d07a51a6799b3adf0465708ea96 5a http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_mipsel.deb Size/MD5 checksum: 380428 af4eb3885b34141ac8ca280d9588c2 36 PowerPC architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_powerpc.deb Size/MD5 checksum: 257296 6327996cfa6ba83133ca891e9ee7e0 6b http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_powerpc.deb Size/MD5 checksum: 978630 a328cc8608dfe496bacb51984a813e ff http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_powerpc.deb Size/MD5 checksum: 363018 a7310a71887232474be479fdc0dc88 46 IBM S/390 architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_s390.deb Size/MD5 checksum: 242622 86d18643513d01467640277260d5fa f4 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_s390.deb Size/MD5 checksum: 966352 db7b4c5516759dde0c244f87394e20 6a http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_s390.deb Size/MD5 checksum: 354934 7d9e5afceef87330409cc68a284e0b 99 Sun Sparc architecture: http://security.debian.org/pool/updates/main/s/sendmail/libm ilter-dev_8 .12.3-6.6_sparc.deb Size/MD5 checksum: 245326 d2c2c75a72bb25db831cf200aaa84a e2 http://security.debian.org/pool/updates/main/s/sendmail/send mail_8.12 .3-6.6_sparc.deb Size/MD5 checksum: 982550 7e755b31bb2b0db5aa82ca5f516ac4 6d http://security.debian.org/pool/updates/main/s/sendmail-wide /sendmail -wide_8.12.3+3.5Wbeta-5.5_sparc.deb Size/MD5 checksum: 356148 c330e1560c9b37e25dd73947fe6fbc 22 These files will probably be moved into the stable distributio n on its next revision. - -------------------------------------------------------------- --------- ---------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/st able/updates /main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.d ebian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/aRYhArxCt0PiXR4RAn1gAJ4nXIjnkqTUiC3Bqn2ySsN31cahlACdGY9B vpFsYP/dA/tCMTSuOOan4ps= =Bg/T -----END PGP SIGNATURE----- -- 输了你我输了全部 ※ 来源:·BBS 水木清华站 smth.org·[FROM: 210.43.181.4] |
||
|
========== * * * * * ==========
|
| 返回 |