-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-4
- - ---------------------------------------------------------------------

PACKAGE : sendmail
SUMMARY : remote root exploit
DATE : 2003-03-04 10:12 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <8.12.8
FIXED VERSION : =>8.12.8
CVE : CAN-2002-1337

- - ---------------------------------------------------------------------

- From advisory:

"Attackers may remotely exploit this vulnerability to gain "root" or
superuser control of any vulnerable Sendmail server. Sendmail and all
other email servers are typically exposed to the Internet in order to
send and receive Internet email. Vulnerable Sendmail servers will not be
protected by legacy security devices such as firewalls and/or packet
filters. This vulnerability is especially dangerous because the exploit
can be delivered within an email message and the attacker doesn't need
any specific knowledge of the target to launch a successful attack."

Read the full advisory at:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.12.8 as follows:

emerge sync
emerge -u sendmail
emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+ZHwhfT7nyhUpoZMRAh+bAJ4yX5o69EZxFoch2UeGChysnP4ItwCbBqec
Kfwwgu9H1hfXnArVUBTmZtY=
=cliQ
-----END PGP SIGNATURE-----
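
Added example, not part of the signed Gentoo announcement: a POSIX shell check that classifies sendmail version strings against the announcement's "VERSIONS AFFECTED : <8.12.8" line, for auditing hosts before and after the upgrade. The function names (strip_pv, version_lt, sendmail_status) are hypothetical; only the 8.12.8 threshold and the net-mail/sendmail package name come from the announcement.

```shell
#!/bin/sh
# Added example (not part of the advisory): classify sendmail versions
# against the advisory's "VERSIONS AFFECTED : <8.12.8" line.
FIXED="8.12.8"   # from the advisory's FIXED VERSION field

# strip_pv (hypothetical helper): reduce "net-mail/sendmail-8.12.7-r2"
# or "8.12.7-r2" to the dotted upstream version "8.12.7".
strip_pv() {
    v=${1##*/}          # drop the category prefix, if any
    v=${v#sendmail-}    # drop the package name, if any
    v=${v%%-r[0-9]*}    # drop the Gentoo ebuild revision
    v=${v%%_*}          # drop suffixes such as _p1 or _beta2
    printf '%s\n' "$v"
}

# version_lt A B: succeed when dotted version A is numerically lower than B.
# Components are compared as integers, so 8.9.3 < 8.12.8 < 8.12.10,
# which a plain string comparison gets wrong.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}   # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                   # equal versions are not "lower"
}

# sendmail_status VERSION: print affected, fixed or unknown.
sendmail_status() {
    pv=$(strip_pv "$1")
    case $pv in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$pv" "$FIXED"; then echo affected; else echo fixed; fi
}

# Report on every version string given on the command line.
for arg in "$@"; do
    printf '%s: %s\n' "$arg" "$(sendmail_status "$arg")"
done
```

Pass it the installed version strings, for example the package atoms an inventory tool reports; anything printed as "unknown" needs a manual look.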