Red Hat alert: Updated Sendmail packages fix vulnerability.

Posted by dave on Sep 17, 2003 3:45 PM EDT

Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available.


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Sendmail packages fix vulnerability.
Advisory ID:       RHSA-2003:283-01
Issue date:        2003-09-17
Updated on:        2003-09-17
Product:           Red Hat Linux
Cross references:  
Obsoletes:         RHSA-2003:265
CVE Names:         CAN-2003-0694 CAN-2003-0681
---------------------------------------------------------------------

1. Topic:

Updated Sendmail packages that fix a potentially-exploitable vulnerability
are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.1 - i386
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386
Red Hat Linux 9 - i386

3. Problem description:

Sendmail is a widely used Mail Transport Agent (MTA) and is included in all
Red Hat Linux distributions.

Michal Zalewski found a bug in the prescan() function of unpatched Sendmail
versions prior to 8.12.10. The successful exploitation of this bug can lead
to heap and stack structure overflows.  Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
( has assigned the name CAN-2003-0694 to this issue.

Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for a
potential buffer overflow in ruleset parsing.  This problem is not
exploitable in the default sendmail configuration; it is exploitable only
if non-standard rulesets recipient (2), final (4), or mailer-specific
envelope recipients rulesets are used.  The Common Vulnerabilities and
Exposures project ( has assigned the name CAN-2003-0681 to
this issue.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:


This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate 
Errors, you need to install a version of the up2date client with an updated 
certificate.  The latest version of up2date is available from the Red Hat 
FTP site and may also be downloaded directly from the RHN website:

5. Bug IDs fixed ( for more info):

104563 - CAN-2003-0694 Sendmail possible remote exploit

6. RPMs required:

Red Hat Linux 7.1:



Red Hat Linux 7.2:




Red Hat Linux 7.3:



Red Hat Linux 8.0:



Red Hat Linux 9:



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
675b4366f9894a73944ed8f91cea5c7d 7.1/en/os/SRPMS/sendmail-8.11.6-27.71.src.rpm
faed73b08e50794290423dd2b8c8bc9f 7.1/en/os/i386/sendmail-8.11.6-27.71.i386.rpm
bf1cc813beded26219d81e7fb0a5cc8b 7.1/en/os/i386/sendmail-cf-8.11.6-27.71.i386.rpm
b3658219e5a31c2a788a828b80044581 7.1/en/os/i386/sendmail-devel-8.11.6-27.71.i386.rpm
4c47bae883878e661312561bb35fdd1d 7.1/en/os/i386/sendmail-doc-8.11.6-27.71.i386.rpm
0fc61a1454c0c4a06f35105bc2b497f3 7.2/en/os/SRPMS/sendmail-8.11.6-27.72.src.rpm
65054b5ca258e62afa68a6cc3439d64f 7.2/en/os/i386/sendmail-8.11.6-27.72.i386.rpm
c4dfd211300fbadd2f7482c80094054b 7.2/en/os/i386/sendmail-cf-8.11.6-27.72.i386.rpm
24f6d31f51e7688bc261ffe4ee248280 7.2/en/os/i386/sendmail-devel-8.11.6-27.72.i386.rpm
213f9dbe89703c90eb970bf09121adfe 7.2/en/os/i386/sendmail-doc-8.11.6-27.72.i386.rpm
2fff7128169ae9a3a3cf4e7f3418a64a 7.2/en/os/ia64/sendmail-8.11.6-27.72.ia64.rpm
2ad3274246e74dad6462ce1d630b0fc9 7.2/en/os/ia64/sendmail-cf-8.11.6-27.72.ia64.rpm
7c4330087840a86ad38e459879211768 7.2/en/os/ia64/sendmail-devel-8.11.6-27.72.ia64.rpm
fae68ef232f32b3736964d2fdcea77de 7.2/en/os/ia64/sendmail-doc-8.11.6-27.72.ia64.rpm
afa8639444b6fc6b2889d18b34fcdc68 7.3/en/os/SRPMS/sendmail-8.11.6-27.73.src.rpm
9164913aa510c0c241646cf7134f6b4c 7.3/en/os/i386/sendmail-8.11.6-27.73.i386.rpm
5ac5d48dbc80c817d384e1267452ef96 7.3/en/os/i386/sendmail-cf-8.11.6-27.73.i386.rpm
df4b107c15fdbfd8c7c97423956831d8 7.3/en/os/i386/sendmail-devel-8.11.6-27.73.i386.rpm
370ec17f86d5658b3f7f9adcf0102a69 7.3/en/os/i386/sendmail-doc-8.11.6-27.73.i386.rpm
368c156b23b89d1a0d7eb1cecb3011e2 8.0/en/os/SRPMS/sendmail-8.12.8-9.80.src.rpm
fbecae564b08ab535f846b089c8ca3a9 8.0/en/os/i386/sendmail-8.12.8-9.80.i386.rpm
da5ede78cf6da018537a741bd4f1df70 8.0/en/os/i386/sendmail-cf-8.12.8-9.80.i386.rpm
66fdacc34440831977a571dfb6540e58 8.0/en/os/i386/sendmail-devel-8.12.8-9.80.i386.rpm
6afa3f6f6e79e4fbda7c5026cea277c7 8.0/en/os/i386/sendmail-doc-8.12.8-9.80.i386.rpm
870a1c9b2cf0e161ae7d0e78d0c080f4 9/en/os/SRPMS/sendmail-8.12.8-9.90.src.rpm
2d2d9df08fa8084ceafb832d454ad543 9/en/os/i386/sendmail-8.12.8-9.90.i386.rpm
c44250016b8b353a1985fa4510a50327 9/en/os/i386/sendmail-cf-8.12.8-9.90.i386.rpm
98dadb898089fc7952790f38cbe71f96 9/en/os/i386/sendmail-devel-8.12.8-9.90.i386.rpm
bc6dadfb2f68215c09b876972f5c74b5 9/en/os/i386/sendmail-doc-8.12.8-9.90.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key is
available from

You can verify each package with the following command:
    rpm --checksig -v 

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
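
An added example, not part of the Red Hat advisory: a shell function that checks downloaded packages against a listing in the section 7 layout, matching on file name because the advisory's paths are relative to the mirror tree. The name check_manifest and its two arguments are assumptions made for illustration; an MD5 match shows only that the file is the one listed, so the GPG check with rpm --checksig remains the authenticity test.

```shell
#!/bin/sh
# check_manifest MANIFEST DIR   (hypothetical helper, not a Red Hat tool)
#   MANIFEST: text in the advisory's section 7 layout,
#             one "<md5> <path/to/package.rpm>" pair per line.
#   DIR:      flat directory holding the downloaded packages.
# Prints one status line per listed package. Returns 0 only if at least
# one package was checked and none of the checked packages mismatched.
check_manifest() {
    manifest=$1
    dir=$2
    checked=0
    bad=0
    while read -r sum path rest; do
        # Accept only lines whose first field is a 32-digit lowercase hex
        # MD5; this skips the column header, the dashed rule and blanks.
        case $sum in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#sum}" -eq 32 ] || continue
        name=${path##*/}        # drop the mirror-relative directory part
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not downloaded)"
            continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

Call it as `check_manifest advisory.txt ./rpms` before running `rpm -Fvh`; a non-zero return means a mismatch was found or nothing in the directory matched the listing.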

8. References:

9. Contact:

The Red Hat security contact is .  More contact
details at

Copyright 2003 Red Hat, Inc.

