1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Sendmail Denial Of Service CVE-2003-0694

Attack: Sendmail Denial Of Service CVE-2003-0694

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a remote buffer overflow vulnerability in Sendmail.

Additional Information

Sendmail is prone to a buffer overrun vulnerability in the prescan() function. This issue is different than the vulnerability described in BID 7230. The issue exists in the parseaddr.c source file and could allow for corruption of stack or heap memory depending on where in the code the function is called from. One possible attack vector is if the function is indirectly invoked via parseaddr(), though others may also exist.

This vulnerability could permit remote attackers to execute arbitrary code via vulnerable versions of Sendmail. This would occur with the privileges of the server.

The vendor has reported that versions prior to version 8.12.10, are vulnerable. Additionally it has been reported that commercial releases including all versions of Sendmail Advanced Message Server, Sendmail Pro, Sendmail Switch and Sendmail for NT are also vulnerable.

Affected

  • Apple Mac OS X 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6
  • Apple Mac OS X Server 10.2, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.2.6
  • Caldera OpenLinux Server 3.1
  • Caldera OpenLinux Workstation 3.1
  • Compaq Tru64 4.0 f, 4.0 f PK6 (BL17), 4.0 f PK7 (BL18), 4.0 f PK8 (BL22), 4.0 g, 4.0 g PK3 (BL17), 4.0 g PK4 (BL22), 5.1, 5.1 PK3 (BL17), 5.1 PK4 (BL18), 5.1 PK5 (BL19), 5.1 PK6 (BL20), 5.1 a, 5.1 a PK1 (BL1), 5.1 a PK2 (BL2), 5.1 a PK3 (BL3), 5.1 a PK4 (BL21), 5.1 a PK5 (BL23), 5.1 b, 5.1 b PK1 (BL1), 5.1 b PK2 (BL22)
  • Conectiva Linux 6.0, 7.0
  • FreeBSD FreeBSD 3.0-RELENG, 4.0-RELENG, 4.3-RELEASE-p38, 4.3-RELENG, 4.4-RELEASE-p42, 4.4-RELENG, 4.5-RELEASE-p32, 4.5-RELENG, 4.6-RELEASE-p20, 4.6-RELENG, 4.7-RELEASE-p17, 4.7-RELENG, 4.8-RELEASE-p7, 4.8-RELENG, 4.9-PRERELEASE, 5.0-RELEASE-p14, 5.0-RELENG, 5.1-RELEASE-p5, 5.1-RELENG
  • Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4_rc1, 1.4_rc2, 1.4_rc3
  • HP HP-UX 11.0, 11.0 4, 11.11, 11.22
  • IBM AIX 4.3.3, 5.1, 5.2
  • NetBSD NetBSD 1.4.3, 1.5, 1.5 sh3, 1.5 x86, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6 beta, 1.6.1
  • RedHat Linux 7.0, 7.0 alpha, 7.0 i386, 7.0 sparc, 7.1, 7.1 alpha, 7.1 i386, 7.1 ia64
  • S.u.S.E. Linux 7.1, 7.1 alpha, 7.1 ppc, 7.1 sparc, 7.1 x86, 7.2, 7.2 i386
  • SCO Open Server 5.0.4, 5.0.5, 5.0.6, 5.0.6 a
  • Sendmail Consortium Sendmail 8.8.8, 8.9.0, 8.9.1, 8.9.2, 8.9.3, 8.10, 8.10.1, 8.10.2, 8.11, 8.11.1, 8.11.2, 8.11.3, 8.11.4, 8.11.5, 8.11.6, 8.12.0, 8.12 beta10, 8.12 beta12, 8.12 beta16, 8.12 beta5, 8.12 beta7, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.12.5, 8.12.6, 8.12.7, 8.12.8, 8.12.9, 8.12.10
  • Sendmail Inc Sendmail Advanced Message Server 1.2, 1.3
  • Sendmail Inc Sendmail for NT 2.6, 2.6.1, 2.6.2, 3.0, 3.0.1, 3.0.2, 3.0.3
  • Sendmail Inc Sendmail Pro 8.9.2, 8.9.3
  • Sendmail Inc Sendmail Switch 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 3.0, 3.0.1, 3.0.2, 3.0.3
  • SGI IRIX 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.5.11, 6.5.12, 6.5.13, 6.5.14, 6.5.15, 6.5.16, 6.5.17 f, 6.5.17 m, 6.5.18 f, 6.5.18 m, 6.5.19 f, 6.5.19 m, 6.5.20 f, 6.5.20 m, 6.5.21 f, 6.5.21 m, 6.5.22
  • Sun Cobalt Qube3 4000WG
  • Sun Cobalt RaQ 4
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Cobalt RaQ XTR 3500R
  • Sun Cobalt RaQ4 3001R
  • Sun Linux 5.0.7
  • Sun Solaris 2.6, 2.6_x86, 7.0, 7.0_x86, 8.0, 8.0_x86, 9.0, 9.0_x86
  • Turbolinux Turbolinux Advanced Server 6.0
  • Turbolinux Turbolinux Server 6.1, 6.5, 7.0, 8.0
  • Turbolinux Turbolinux Workstation 6.0, 7.0, 8.0

Response

The vendor has released Sendmail 8.12.10 to address this issue. Administrators are advised to upgrade if possible. A patch is also available which can be applied to other versions.

Sun have released fixes to address this vulnerability in Sun Linux 5.0.7. Users who are affected by this issue are advised to apply relevant fixes as soon as possible. Please see Sun reference (Sun Linux Support - Sun Linux Patches (Sun)) for further details regarding obtaining and applying appropriate fixes.

HP has released an advisory HPSBUX0309-281 to address this issue. Please see the referenced advisory for more information.

HP has issued an early release patch (t64kit0020132-v40gb22-es-20031001.tar) and a related readme (t64kit0020132-v40gb22-es-20031001.README) to address this issue in Tru64 4.0G systems. On October 22 of 2003, HP released t64v51ab-ix-553-sendmail-ssrt3631.README for Tru64, which contains updated fixes for Tru64 UNIX 5.1B PK2 (BL22), and t64v51ab-ix-586-sendmail-ssrt3631 and t64v51ab-ix-594-sendmail-ssrt3631 for Tru64 UNIX 5.0A. See referenced readmes for further details.

HP has released a revised advisory HPSBUX0309-281 to address this issue. HP has also released an advisory (SSRT3631) for Tru64 UNIX. An advisory corresponding to DUXKIT0020136-V40FB22-ES-20031001 for Tru64 UNIX has also been released. Please see the referenced advisories for further details.

New Tru64 advisories were released October 9, 2003 with new download links for patches. An additional Tru64 advisory (corresponding to T64V51AB21-C0112900-17770-ES-20030402) was also released October 10, 2003 that provides new download links for 5.1A fixes. Another Tru64 advisory (corresponding to T64V40GB17-C0029200-17810-ES-20030403) was released October 13, 2003 that provides new download links for updated 4.0G fixes. HP has released an updated advisory (t64kit0020139-v51b20-es-20031001) for HP Tru64 UNIX 5.1 PK6. Please see the referenced advisories for further information regarding updating and applying fixes.

SGI has released an advisory (20030903-01-P), to address this issue. Users are advised to download and apply a relevant patch as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

Conectiva has released an advisory (CLA-2003:742), to address this issue. Users are advised to download and apply a relevant fixes as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory.

Turbolinux has released an advisory (TLSA-2003-52), to address this issue. Users are advised to download and apply a relevant fix as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory.

Yellow Dog Linux has released an advisory (YDU-20030917-2), to address this issue. Users are advised to download and apply a relevant fix as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

Gentoo Linux has released an advisory (200309-13) to address this issue for Gentoo Linux users. Users who are running net-mail/sendmail are advised to upgrade to sendmail-8.2.10 by issuing the following commands as root:

emerge sync
emerge sendmail
emerge clean

Immunix has released an advisory (IMNX-2003-7+-021-01), to address this issue. Users are advised to download and apply a relevant fix as soon as possible. Further information relating to obtaining and applying appropriate fixes is available in the referenced advisory. Fixes are linked below.

FreeBSD has released an advisory (FreeBSD-SA-03:13.sendmail), to address this issue. Users are advised to download and apply the relevant patch as soon as possible. Further information relating to obtaining and applying appropriate patches is available in the referenced advisory.

Debian has issued fixes for this vulnerability that are listed in advisory [DSA-384-1] (see reference section).

Red Hat has issued fixes, listed in [RHSA-2003:283-01] (see reference section).

OpenPKG has released an advisory (OpenPKG-SA-2003.041) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Conectiva has released an advisory (CLA-2003:746), to address this issue for CLEE 1.0. Users are advised to download and apply a relevant fixes as soon as possible. Please see the referenced advisory for more information.

SuSE has released an advisory SuSE-SA:2003:040 to address this issue. Please see the referenced advisory for more information.

Sun has released an alert for Solaris to address this issue. Affected users are advised to apply an available patch. Sun has also released an alert for
Sun Linux advising disabling sendmail on affected systems. See referenced advisories for additional details.

Apple has released security advisory APPLE-SA-2003-09-22 to address this issue. See referenced advisory for additional details.

IBM has issued an advisory. APARs to address this issue are available.

See the advisory, MSS-OAR-E01-2003:1235.1, in the reference section for complete installation details.

NetBSD has stated versions 1.5 through 1.6.1 are affected by this issue if sendmail is enabled, which is not the default configuration. See referenced advisory for additional details.

HP advisory SSRT3631 revision 2 has been released to address this issue. See referenced advisory for further details regarding obtaining and applying fixes. Additional fixes are available for HP Tru64 UNIX (IX) Internet Express systems that are running sendmail versions 8.9.3 through 8.12.9.

SCO has released a seucrity advisory for OpenLinux (CSSA-2003-036.0) which contains fixes to address this issue. Further information on how to obtain and apply fixes can be found in the referenced advisory.

Revised HP advisory SSRT3631 has released to address this issue.

Sun has released an update to address this in Sun RaQ550. Please see the referenced web page for more information.

IBM is said to have released APARs to address this issue. Further information can be obtained by contacting the vendor.

Revised HP advisory has been released to address this issue.

Sun has released an update to address this in Sun RaQXTR. Please see the referenced web page for more information.

Sun has released an update to address this in Sun Qube3. Please see the referenced web page for more information.

Sun has released an updated RaQ4 fix.

Revised HP advisory HPSBUX0309-281: SSRT3631 Rev.7 has been released to address this issue.

Revised HP advisory HPSBUX0309-281: SSRT3631 Rev.8 has been released to address this issue.

SCO has released a security advisory for OpenServer (SCOSA-2004.11) along with fixes to address this issue. Further information on how to obtain and apply fixes can be found in the referenced advisory.


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube