CVE-2003-0694
CVSS 10.0
Published: 2003-10-06 00:00:00
Last revised: 2016-10-17 22:36:39

[Original] The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.


[CNNVD] Sendmail prescan header processing remote overflow vulnerability (CNNVD-200310-019)

        
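        Sendmail is one of the most popular mail transfer agents (MTA) on the Internet.
        A flaw exists in the prescan() function in Sendmail (different from the vulnerability described at http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=4625). A remote attacker may be able to exploit it to execute arbitrary commands on the system with the privileges of the Sendmail process.
        On Linux, local exploitation is possible via recipient.c and sendtolist(): user-supplied data overwrites a pointer, which may redirect execution when free() is called. An attacker can construct a malicious mail message and submit it to Sendmail for parsing, possibly executing arbitrary commands on the system with the privileges of the Sendmail process. The usual exploitation path is to call prescan() indirectly through parseaddr() to overwrite some data structures and trigger the overflow. Other exploitation paths may also exist, and remote exploitation of this vulnerability is also possible.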
        

- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:sendmail:sendmail_switch:3.0.2
cpe:/o:sgi:irix:6.5.18m  SGI IRIX 6.5.18m
cpe:/o:compaq:tru64:4.0f_pk7_bl18  Compaq Tru64 4.0f PK7_BL18
cpe:/a:sendmail:sendmail:8.10.2  Sendmail Sendmail 8.10.2
cpe:/o:sun:solaris:7.0::x86
cpe:/a:sendmail:sendmail:8.10.1  Sendmail Sendmail 8.10.1
cpe:/o:turbolinux:turbolinux_workstation:8.0
cpe:/o:compaq:tru64:5.1b_pk2_bl22  Compaq Tru64 5.1b PK2_BL22
cpe:/a:sendmail:sendmail:3.0  Sendmail Sendmail 3.0
cpe:/a:sendmail:sendmail_switch:2.2.5
cpe:/o:ibm:aix:5.2  IBM AIX 5.2
cpe:/o:ibm:aix:5.1  IBM AIX 5.1
cpe:/o:compaq:tru64:5.1a_pk5_bl23  Compaq Tru64 5.1a PK5_BL23
cpe:/a:sendmail:sendmail_switch:2.2.1
cpe:/o:freebsd:freebsd:5.1:releng
cpe:/o:compaq:tru64:5.1a_pk1_bl1  Compaq Tru64 5.1a PK1_BL1
cpe:/o:netbsd:netbsd:1.4.3  NetBSD 1.4.3
cpe:/o:sgi:irix:6.5.18f  SGI IRIX 6.5.18f
cpe:/a:sendmail:sendmail_switch:2.2.4
cpe:/o:compaq:tru64:4.0g_pk3_bl17  Compaq Tru64 4.0g PK3_BL17
cpe:/o:sun:solaris:8.0
cpe:/a:sendmail:sendmail_switch:3.0
cpe:/o:sgi:irix:6.5.19m  SGI IRIX 6.5.19m
cpe:/o:freebsd:freebsd:5.0:releng
cpe:/a:sendmail:sendmail_pro:8.9.3  Sendmail Sendmail Pro 8.9.3
cpe:/o:turbolinux:turbolinux_server:6.1
cpe:/o:apple:mac_os_x_server:10.2  Apple Mac OS X Server 10.2
cpe:/o:turbolinux:turbolinux_server:6.5
cpe:/a:sendmail:sendmail_pro:8.9.2  Sendmail Sendmail Pro 8.9.2
cpe:/o:freebsd:freebsd:4.4:release_p42
cpe:/a:sendmail:sendmail_switch:2.1.3
cpe:/a:sendmail:sendmail_switch:2.1.4
cpe:/a:sendmail:sendmail_switch:2.1.1
cpe:/o:gentoo:linux:1.2  Gentoo Linux 1.2
cpe:/a:sendmail:sendmail:8.9.3  Sendmail Sendmail 8.9.3
cpe:/o:sgi:irix:6.5.16  SGI IRIX 6.5.16
cpe:/o:gentoo:linux:1.4:rc2  Gentoo Linux 1.4 rc2
cpe:/a:sendmail:sendmail:8.9.0  Sendmail Sendmail 8.9.0
cpe:/a:sendmail:sendmail:8.12:beta10  Sendmail Sendmail 8.12 Beta10
cpe:/a:sendmail:sendmail:8.9.2  Sendmail Sendmail 8.9.2
cpe:/a:sendmail:sendmail:8.9.1  Sendmail Sendmail 8.9.1
cpe:/o:compaq:tru64:4.0f_pk6_bl17  Compaq Tru64 4.0f PK6_BL17
cpe:/o:sgi:irix:6.5.19f  SGI IRIX 6.5.19f
cpe:/o:gentoo:linux:1.4:rc1  Gentoo Linux 1.4 rc1
cpe:/o:gentoo:linux:1.4:rc3  Gentoo Linux 1.4 rc3
cpe:/o:ibm:aix:4.3.3  IBM AIX 4.3.3
cpe:/o:sun:solaris:8.0::x86
cpe:/a:sendmail:sendmail:8.11.1  Sendmail Sendmail 8.11.1
cpe:/a:sendmail:sendmail:8.11.0  Sendmail Sendmail 8.11
cpe:/a:sendmail:sendmail:8.11.3  Sendmail Sendmail 8.11.3
cpe:/o:sgi:irix:6.5.20m  SGI IRIX 6.5.20m
cpe:/o:freebsd:freebsd:4.8:release_p6
cpe:/a:sendmail:advanced_message_server:1.3  Sendmail Sendmail Advanced Message Server 1.3
cpe:/a:sendmail:sendmail:8.11.2  Sendmail Sendmail 8.11.2
cpe:/a:sendmail:sendmail:8.11.5  Sendmail Sendmail 8.11.5
cpe:/a:sendmail:sendmail:8.12:beta12  Sendmail Sendmail 8.12 Beta12
cpe:/a:sendmail:sendmail:8.11.4  Sendmail Sendmail 8.11.4
cpe:/o:compaq:tru64:5.1_pk3_bl17  Compaq Tru64 5.1 PK3_BL17
cpe:/a:sendmail:sendmail:8.11.6  Sendmail Sendmail 8.11.6
cpe:/o:compaq:tru64:5.1a_pk4_bl21  Compaq Tru64 5.1a PK4_BL21
cpe:/a:sendmail:sendmail:8.12:beta16  Sendmail Sendmail 8.12 Beta16
cpe:/o:sgi:irix:6.5.15  SGI IRIX 6.5.15
cpe:/o:compaq:tru64:4.0f  Compaq Tru64 4.0f
cpe:/o:compaq:tru64:4.0g  Compaq Tru64 4.0g
cpe:/o:compaq:tru64:5.1b_pk1_bl1  Compaq Tru64 5.1b PK1_BL1
cpe:/o:freebsd:freebsd:4.6:releng
cpe:/o:apple:mac_os_x:10.2  Apple Mac OS X 10.2
cpe:/o:freebsd:freebsd:4.7:releng
cpe:/o:gentoo:linux:1.1a
cpe:/o:sun:solaris:7.0
cpe:/a:sendmail:sendmail_switch:2.1.2
cpe:/o:freebsd:freebsd:4.3:releng
cpe:/o:freebsd:freebsd:4.8:releng
cpe:/a:sendmail:sendmail_switch:2.1.5
cpe:/o:netbsd:netbsd:1.6  NetBSD 1.6
cpe:/o:netbsd:netbsd:1.5  NetBSD 1.5
cpe:/a:sendmail:advanced_message_server:1.2  Sendmail Sendmail Advanced Message Server 1.2
cpe:/o:freebsd:freebsd:4.4:releng
cpe:/o:freebsd:freebsd:4.5:releng
cpe:/o:freebsd:freebsd:4.9:pre-release
cpe:/o:sgi:irix:6.5.17m  SGI IRIX 6.5.17m
cpe:/o:sgi:irix:6.5.21f  SGI IRIX 6.5.21f
cpe:/o:freebsd:freebsd:4.0:releng
cpe:/a:sendmail:sendmail:8.12:beta5  Sendmail Sendmail 8.12 Beta5
cpe:/a:sendmail:sendmail:8.12:beta7  Sendmail Sendmail 8.12 beta7
cpe:/o:turbolinux:turbolinux_server:7.0
cpe:/o:compaq:tru64:5.1a_pk2_bl2  Compaq Tru64 5.1a PK2_BL2
cpe:/o:compaq:tru64:5.1_pk6_bl20  Compaq Tru64 5.1 PK6_BL20
cpe:/o:sgi:irix:6.5.21m  SGI IRIX 6.5.21m
cpe:/o:netbsd:netbsd:1.6:beta  NetBSD 1.6 Beta
cpe:/o:apple:mac_os_x_server:10.2.4  Apple Mac OS X Server 10.2.4
cpe:/o:compaq:tru64:4.0f_pk8_bl22  Compaq Tru64 4.0f PK8_BL22
cpe:/o:sgi:irix:6.5.17f  SGI IRIX 6.5.17f
cpe:/o:compaq:tru64:5.1_pk4_bl18  Compaq Tru64 5.1 PK4_BL18
cpe:/o:apple:mac_os_x_server:10.2.1  Apple Mac OS X Server 10.2.1
cpe:/o:apple:mac_os_x_server:10.2.2  Apple Mac OS X Server 10.2.2
cpe:/o:apple:mac_os_x_server:10.2.5  Apple Mac OS X Server 10.2.5
cpe:/o:apple:mac_os_x_server:10.2.6  Apple Mac OS X Server 10.2.6
cpe:/o:apple:mac_os_x_server:10.2.3  Apple Mac OS X Server 10.2.3
cpe:/o:sun:solaris:9.0::x86
cpe:/o:freebsd:freebsd:5.1:release_p5
cpe:/a:sendmail:sendmail:8.12.0  Sendmail Sendmail 8.12.0
cpe:/o:netbsd:netbsd:1.5::x86
cpe:/a:sendmail:sendmail:8.12.2  Sendmail Sendmail 8.12.2
cpe:/a:sendmail:sendmail:8.12.1  Sendmail Sendmail 8.12.1
cpe:/a:sendmail:sendmail:8.12.4  Sendmail Sendmail 8.12.4
cpe:/a:sendmail:sendmail:8.12.3  Sendmail Sendmail 8.12.3
cpe:/o:freebsd:freebsd:4.7:release_p17
cpe:/a:sendmail:sendmail:8.12.6  Sendmail Sendmail 8.12.6
cpe:/a:sendmail:sendmail:8.12.5  Sendmail Sendmail 8.12.5
cpe:/o:netbsd:netbsd:1.5::sh3
cpe:/o:turbolinux:turbolinux_workstation:6.0
cpe:/o:compaq:tru64:5.1_pk5_bl19  Compaq Tru64 5.1 PK5_BL19
cpe:/o:netbsd:netbsd:1.6.1  NetBSD 1.6.1
cpe:/o:gentoo:linux:0.7
cpe:/o:sun:solaris:2.6
cpe:/o:apple:mac_os_x:10.2.6  Apple Mac OS X 10.2.6
cpe:/o:apple:mac_os_x:10.2.3  Apple Mac OS X 10.2.3
cpe:/o:freebsd:freebsd:3.0:releng
cpe:/o:apple:mac_os_x:10.2.5  Apple Mac OS X 10.2.5
cpe:/o:hp:hp-ux:11.11  HP-UX 11.11
cpe:/o:apple:mac_os_x:10.2.2  Apple Mac OS X 10.2.2
cpe:/o:apple:mac_os_x:10.2.1  Apple Mac OS X 10.2.1
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/o:compaq:tru64:4.0g_pk4_bl22  Compaq Tru64 4.0g PK4_BL22
cpe:/a:sendmail:sendmail:8.12.8  Sendmail Sendmail 8.12.8
cpe:/a:sendmail:sendmail:8.12.7  Sendmail Sendmail 8.12.7
cpe:/a:sendmail:sendmail:8.12.9  Sendmail Sendmail 8.12.9
cpe:/a:sendmail:sendmail:8.10  Sendmail Sendmail 8.10
cpe:/o:sun:solaris:9.0::sparc
cpe:/o:turbolinux:turbolinux_advanced_server:6.0
cpe:/o:hp:hp-ux:11.22  HP-UX 11i v1.6
cpe:/o:sgi:irix:6.5.20f  SGI IRIX 6.5.20f
cpe:/o:freebsd:freebsd:4.3:release_p38
cpe:/o:freebsd:freebsd:5.0:release_p14
cpe:/o:sun:solaris:2.6::x86
cpe:/o:freebsd:freebsd:4.5:release_p32
cpe:/a:sendmail:sendmail:2.6  Sendmail Sendmail 2.6
cpe:/o:netbsd:netbsd:1.5.1  NetBSD 1.5.1
cpe:/o:turbolinux:turbolinux_workstation:7.0
cpe:/a:sendmail:sendmail:2.6.1  Sendmail Sendmail 2.6.1
cpe:/a:sendmail:sendmail:2.6.2  Sendmail Sendmail 2.6.2
cpe:/o:netbsd:netbsd:1.5.3  NetBSD 1.5.3
cpe:/o:compaq:tru64:5.1a  Compaq Tru64 5.1a
cpe:/o:netbsd:netbsd:1.5.2  NetBSD 1.5.2
cpe:/o:compaq:tru64:5.1b  Compaq Tru64 5.1b
cpe:/a:sendmail:sendmail_switch:2.1
cpe:/a:sendmail:sendmail_switch:2.2
cpe:/o:apple:mac_os_x:10.2.4  Apple Mac OS X 10.2.4
cpe:/a:sendmail:sendmail_switch:2.2.2
cpe:/a:sendmail:sendmail_switch:2.2.3
cpe:/o:compaq:tru64:5.1  Compaq Tru64 5.1
cpe:/a:sendmail:sendmail:3.0.3  Sendmail Sendmail 3.0.3
cpe:/o:compaq:tru64:5.1a_pk3_bl3  Compaq Tru64 5.1a PK3_BL3
cpe:/o:gentoo:linux:0.5
cpe:/a:sendmail:sendmail:3.0.2  Sendmail Sendmail 3.0.2
cpe:/o:freebsd:freebsd:4.6:release_p20
cpe:/a:sendmail:sendmail:3.0.1  Sendmail Sendmail 3.0.1
cpe:/o:hp:hp-ux:11.00  HP-UX 11.00
cpe:/a:sendmail:sendmail:8.8.8  Sendmail Sendmail 8.8.8
cpe:/a:sendmail:sendmail_switch:3.0.1
cpe:/o:hp:hp-ux:11.0.4  HP HP-UX 11.0.4
cpe:/a:sendmail:sendmail_switch:3.0.3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:603  Sendmail BO in prescan Function
oval:org.mitre.oval:def:572  Sendmail BO in Prescan Function
oval:org.mitre.oval:def:2975  Sendmail prescan function Buffer Overflow
* OVAL describes in detail how to detect this vulnerability; further technical details for detecting it can be found in the relevant OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0694
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0694
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200310-019
(Official data source) CNNVD

- Other links and resources

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt
(UNKNOWN)  SCO  SCOSA-2004.11
http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
(UNKNOWN)  FULLDISC  20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
(UNKNOWN)  VULNWATCH  20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742
(UNKNOWN)  CONECTIVA  CLA-2003:742
http://marc.info/?l=bugtraq&m=106381604923204&w=2
(UNKNOWN)  BUGTRAQ  20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
http://marc.info/?l=bugtraq&m=106382859407683&w=2
(UNKNOWN)  BUGTRAQ  20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)
http://marc.info/?l=bugtraq&m=106383437615742&w=2
(UNKNOWN)  BUGTRAQ  20030917 GLSA: sendmail (200309-13)
http://marc.info/?l=bugtraq&m=106398718909274&w=2
(UNKNOWN)  BUGTRAQ  20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
http://www.cert.org/advisories/CA-2003-25.html
(VENDOR_ADVISORY)  CERT  CA-2003-25
http://www.debian.org/security/2003/dsa-384
(UNKNOWN)  DEBIAN  DSA-384
http://www.kb.cert.org/vuls/id/784980
(UNKNOWN)  CERT-VN  VU#784980
http://www.mandriva.com/security/advisories?name=MDKSA-2003:092
(UNKNOWN)  MANDRAKE  MDKSA-2003:092
http://www.redhat.com/support/errata/RHSA-2003-283.html
(UNKNOWN)  REDHAT  RHSA-2003:283
http://www.redhat.com/support/errata/RHSA-2003-284.html
(UNKNOWN)  REDHAT  RHSA-2003:284
http://www.sendmail.org/8.12.10.html
(PATCH)  CONFIRM  http://www.sendmail.org/8.12.10.html

- Vulnerability information

Sendmail prescan header processing remote overflow vulnerability
Critical  Boundary condition error
2003-10-06 00:00:00  2006-08-24 00:00:00
Remote / Local
        
        

- Advisories and patches

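        Workarounds:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Stop using Sendmail.
        * Set the RunAsUser option in the configuration file. This only reduces the impact of an attack; it does not
         eliminate the vulnerability.
        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2003:742) and corresponding patches:
        CLA-2003:742: sendmail
        Link:
        http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000742

        Patch downloads: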
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-8.11.6-1U70_5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-cf-8.11.6-1U70_5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-doc-8.11.6-1U70_5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/sendmail-8.11.6-1U70_5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-8.11.6-2U80_5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-cf-8.11.6-2U80_5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-doc-8.11.6-2U80_5cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/sendmail-8.11.6-2U80_5cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-8.12.5-26986U90_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-cf-8.12.5-26986U90_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-doc-8.12.5-26986U90_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/9/SRPMS/sendmail-8.12.5-26986U90_3cl.src.rpm
        Debian
        ------
        Debian has released a security advisory (DSA-384-1) and corresponding patches:
        DSA-384-1: New sendmail packages fix buffer overflows
        Link:
        http://www.debian.org/security/2002/dsa-384

        Patch downloads:

- Vulnerability information

Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability
Boundary Condition Error 8641
Yes Yes
2003-09-17 12:00:00 2009-07-11 11:56:00
Discovery is credited to Michal Zalewski <lcamtuf@dione.ids.pl>.

- Affected program versions

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Workstation 6.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Server 6.5
Turbolinux Turbolinux Server 6.1
Turbolinux Turbolinux Advanced Server 6.0
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6
Sun Linux 5.0.7
Sun Cobalt RaQ 550
Sun Cobalt RaQ 4
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.16
SGI IRIX 6.5.15
Sendmail Inc Sendmail Switch 3.0.3
Sendmail Inc Sendmail Switch 3.0.2
Sendmail Inc Sendmail Switch 3.0.1
Sendmail Inc Sendmail Switch 3.0
Sendmail Inc Sendmail Switch 2.2.5
Sendmail Inc Sendmail Switch 2.2.4
Sendmail Inc Sendmail Switch 2.2.3
Sendmail Inc Sendmail Switch 2.2.2
Sendmail Inc Sendmail Switch 2.2.1
Sendmail Inc Sendmail Switch 2.2
Sendmail Inc Sendmail Switch 2.1.5
Sendmail Inc Sendmail Switch 2.1.4
Sendmail Inc Sendmail Switch 2.1.3
Sendmail Inc Sendmail Switch 2.1.2
Sendmail Inc Sendmail Switch 2.1.1
Sendmail Inc Sendmail Switch 2.1
Sendmail Inc Sendmail Pro 8.9.3
Sendmail Inc Sendmail Pro 8.9.2
Sendmail Inc Sendmail for NT 3.0.3
Sendmail Inc Sendmail for NT 3.0.2
Sendmail Inc Sendmail for NT 3.0.1
Sendmail Inc Sendmail for NT 3.0
Sendmail Inc Sendmail for NT 2.6.2
Sendmail Inc Sendmail for NT 2.6.1
Sendmail Inc Sendmail for NT 2.6
Sendmail Inc Sendmail Advanced Message Server 1.3
Sendmail Inc Sendmail Advanced Message Server 1.2
Sendmail Consortium Sendmail 8.12.9
Sendmail Consortium Sendmail 8.12.8
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0 i386
+ Yellow Dog Linux 3.0
Sendmail Consortium Sendmail 8.12.7
+ OpenPKG OpenPKG 1.2
+ Slackware Linux 8.1
+ SOTLinux SOTLinux 2003 Desktop
+ SOTLinux SOTLinux 2003 Server
Sendmail Consortium Sendmail 8.12.6
Sendmail Consortium Sendmail 8.12.5
Sendmail Consortium Sendmail 8.12.4
Sendmail Consortium Sendmail 8.12.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ FreeBSD FreeBSD 4.6
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Sendmail Consortium Sendmail 8.12.2
Sendmail Consortium Sendmail 8.12.1
+ HP MPE/iX 7.5
+ HP MPE/iX 7.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Sendmail Consortium Sendmail 8.12 beta7
Sendmail Consortium Sendmail 8.12 beta5
Sendmail Consortium Sendmail 8.12 beta16
Sendmail Consortium Sendmail 8.12 beta12
Sendmail Consortium Sendmail 8.12 beta10
Sendmail Consortium Sendmail 8.12 .0
Sendmail Consortium Sendmail 8.11.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
+ FreeBSD FreeBSD 4.4
+ Immunix Immunix OS 7.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ Sun Cobalt RaQ 550
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Sendmail Consortium Sendmail 8.11.5
Sendmail Consortium Sendmail 8.11.4
+ Conectiva Linux 7.0
- Slackware Linux 8.0
Sendmail Consortium Sendmail 8.11.3
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
- Slackware Linux 7.1
Sendmail Consortium Sendmail 8.11.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
Sendmail Consortium Sendmail 8.11.1
Sendmail Consortium Sendmail 8.11
+ Compaq Tru64 5.1 b
+ Compaq Tru64 5.1 a
+ Compaq Tru64 5.1
+ IBM AIX 5.2
+ IBM AIX 5.1
- Mandriva Linux Mandrake 7.2
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ SCO Open Server 5.0.5
+ SCO Open Server 5.0.4
Sendmail Consortium Sendmail 8.10.2
Sendmail Consortium Sendmail 8.10.1
Sendmail Consortium Sendmail 8.10
Sendmail Consortium Sendmail 8.9.3
+ Compaq Tru64 5.1 PK5 (BL19)
+ Compaq Tru64 5.0 a PK3 (BL17)
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ IBM AIX 4.3.3
+ SGI IRIX 6.5.19
+ SGI IRIX 6.5.18 m
+ SGI IRIX 6.5.18 f
+ SGI IRIX 6.5.17 m
+ SGI IRIX 6.5.17 f
+ SGI IRIX 6.5.16 m
+ SGI IRIX 6.5.16 f
+ SGI IRIX 6.5.15 m
+ SGI IRIX 6.5.15 f
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.11 m
+ SGI IRIX 6.5.11 f
+ SGI IRIX 6.5.10 m
+ SGI IRIX 6.5.10 f
+ SGI IRIX 6.5.9 m
+ SGI IRIX 6.5.9 f
+ SGI IRIX 6.5.8 m
+ SGI IRIX 6.5.8 f
+ SGI IRIX 6.5.7 m
+ SGI IRIX 6.5.7 f
Sendmail Consortium Sendmail 8.9.2
Sendmail Consortium Sendmail 8.9.1
Sendmail Consortium Sendmail 8.9 .0
Sendmail Consortium Sendmail 8.8.8
NetBSD NetBSD 1.6.1
NetBSD NetBSD 1.6 beta
NetBSD NetBSD 1.6
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5 x86
NetBSD NetBSD 1.5 sh3
NetBSD NetBSD 1.5
NetBSD NetBSD 1.4.3
IBM AIX 4.3.3
IBM AIX 5.2
IBM AIX 5.1
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
Gentoo Linux 1.4 _rc3
Gentoo Linux 1.4 _rc2
Gentoo Linux 1.4 _rc1
Gentoo Linux 1.2
Gentoo Linux 1.1 a
Gentoo Linux 0.7
Gentoo Linux 0.5
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0 -RELEASE-p14
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 3.0 -RELENG
Compaq Tru64 5.1 b PK2 (BL22)
Compaq Tru64 5.1 b PK1 (BL1)
Compaq Tru64 5.1 b
Compaq Tru64 5.1 a PK5 (BL23)
Compaq Tru64 5.1 a PK4 (BL21)
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a
Compaq Tru64 5.1 PK6 (BL20)
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
Compaq Tru64 4.0 g PK4 (BL22)
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK8 (BL22)
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2

- Unaffected program versions

SGI IRIX 6.5.22
SGI IRIX 6.5.14
SGI IRIX 6.5.13
SGI IRIX 6.5.12
SGI IRIX 6.5.11
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
Sendmail Consortium Sendmail 8.12.10
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Slackware Linux 8.1
+ Slackware Linux -current
+ Slackware Linux -current
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun Solaris 7.0_x86
+ Sun Solaris 7.0

- Vulnerability discussion

Sendmail is prone to a buffer overrun vulnerability in the prescan() function. This issue is different than the vulnerability described in BID 7230. This vulnerability could permit remote attackers to execute arbitrary code via vulnerable versions of Sendmail.

- Exploit

Gyan Chawdhary <gunnu45@hotmail.com> has supplied the following local proof-of-concept exploit:

- Solution

The vendor has released Sendmail 8.12.10 to address this issue. Administrators are advised to upgrade if possible. A patch is also available which can be applied to other versions.

Sun have released fixes to address this vulnerability in Sun Linux 5.0.7. Users who are affected by this issue are advised to apply relevant fixes as soon as possible. Please see Sun reference (Sun Linux Support - Sun Linux Patches (Sun)) for further details regarding obtaining and applying appropriate fixes.

HP has released an advisory HPSBUX0309-281 to address this issue. Please see the referenced advisory for more information.

HP has issued an early release patch (t64kit0020132-v40gb22-es-20031001.tar) and a related readme (t64kit0020132-v40gb22-es-20031001.README) to address this issue in Tru64 4.0G systems. On October 22 of 2003, HP released t64v51ab-ix-553-sendmail-ssrt3631.README for Tru64, which contains updated fixes for Tru64 UNIX 5.1B PK2 (BL22), and t64v51ab-ix-586-sendmail-ssrt3631 and t64v51ab-ix-594-sendmail-ssrt3631 for Tru64 UNIX 5.0A. See referenced readmes for further details.

HP has released a revised advisory HPSBUX0309-281 to address this issue. HP has also released an advisory (SSRT3631) for Tru64 UNIX. An advisory corresponding to DUXKIT0020136-V40FB22-ES-20031001 for Tru64 UNIX has also been released. Please see the referenced advisories for further details.

New Tru64 advisories were released October 9, 2003 with new download links for patches. An additional Tru64 advisory (corresponding to T64V51AB21-C0112900-17770-ES-20030402) was also released October 10, 2003 that provides new download links for 5.1A fixes. Another Tru64 advisory (corresponding to T64V40GB17-C0029200-17810-ES-20030403) was released October 13, 2003 that provides new download links for updated 4.0G fixes. HP has released an updated advisory (t64kit0020139-v51b20-es-20031001) for HP Tru64 UNIX 5.1 PK6. Please see the referenced advisories for further information regarding updating and applying fixes.

SGI has released an advisory (20030903-01-P) to address this issue. Users are advised to download and apply a relevant patch as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

Conectiva has released an advisory (CLA-2003:742) to address this issue. Users are advised to download and apply the relevant fixes as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory.

Turbolinux has released an advisory (TLSA-2003-52) to address this issue. Users are advised to download and apply a relevant fix as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory.

Yellow Dog Linux has released an advisory (YDU-20030917-2) to address this issue. Users are advised to download and apply a relevant fix as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

Gentoo Linux has released an advisory (200309-13) to address this issue for Gentoo Linux users. Users who are running net-mail/sendmail are advised to upgrade to sendmail-8.2.10 by issuing the following commands as root:

emerge sync
emerge sendmail
emerge clean

Immunix has released an advisory (IMNX-2003-7+-021-01) to address this issue. Users are advised to download and apply a relevant fix as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

FreeBSD has released an advisory (FreeBSD-SA-03:13.sendmail) to address this issue. Users are advised to download and apply the relevant patch as soon as possible. Further information relating to obtaining and applying appropriate patches is available in the referenced advisory.

Debian has issued fixes for this vulnerability that are listed in advisory [DSA-384-1] (see reference section).

Red Hat has issued fixes, listed in [RHSA-2003:283-01] (see reference section).

OpenPKG has released an advisory (OpenPKG-SA-2003.041) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Conectiva has released an advisory (CLA-2003:746) to address this issue for CLEE 1.0. Users are advised to download and apply the relevant fixes as soon as possible. Please see the referenced advisory for more information.

SuSE has released an advisory SuSE-SA:2003:040 to address this issue. Please see the referenced advisory for more information.

Sun has released an alert for Solaris to address this issue. Affected users are advised to apply an available patch. Sun has also released an alert for Sun Linux advising disabling sendmail on affected systems. See referenced advisories for additional details.

Apple has released security advisory APPLE-SA-2003-09-22 to address this issue. See referenced advisory for additional details.

IBM has issued an advisory. APARs to address this issue are available.

See the advisory, MSS-OAR-E01-2003:1235.1, in the reference section for complete installation details.

NetBSD has stated versions 1.5 through 1.6.1 are affected by this issue if sendmail is enabled, which is not the default configuration. See referenced advisory for additional details.

HP advisory SSRT3631 revision 2 has been released to address this issue. See referenced advisory for further details regarding obtaining and applying fixes. Additional fixes are available for HP Tru64 UNIX (IX) Internet Express systems that are running sendmail versions 8.9.3 through 8.12.9.

SCO has released a security advisory for OpenLinux (CSSA-2003-036.0) which contains fixes to address this issue. Further information on how to obtain and apply fixes can be found in the referenced advisory.

Revised HP advisory SSRT3631 has been released to address this issue.

Sun has released an update to address this in Sun RaQ550. Please see the referenced web page for more information.

IBM is said to have released APARs to address this issue. Further information can be obtained by contacting the vendor.

Revised HP advisory has been released to address this issue.

Sun has released an update to address this in Sun RaQXTR. Please see the referenced web page for more information.

Sun has released an update to address this in Sun Qube3. Please see the referenced web page for more information.

Sun has released an updated RaQ4 fix.

Revised HP advisory HPSBUX0309-281: SSRT3631 Rev.7 has been released to address this issue.

Revised HP advisory HPSBUX0309-281: SSRT3631 Rev.8 has been released to address this issue.

SCO has released a security advisory for OpenServer (SCOSA-2004.11) along with fixes to address this issue. Further information on how to obtain and apply fixes can be found in the referenced advisory.


