Sendmail Ruleset Parsing 缓冲区溢出漏洞

漏洞信息详情

Sendmail Ruleset Parsing 缓冲区溢出漏洞

• CNNVD编号：CNNVD-200310-016
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-0681
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2003-10-06
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-24
  
• 厂        商：
  
  turbolinux
• 漏洞来源：
  Discovery of this …

Sendmail 8.12.9版本在ruleset parsing存在潜在缓冲区溢出漏洞。当使用不标准的rulesets(1)recipient，(2)final，或者(3)mailer-specific信封收件人，该漏洞具有未知的后果。

The vendor has released Sendmail 8.12.10 to address this issue. Please see the references for more information.
HP HP-UX B.11.23

• HP PHNE_35485
  
  http://itrc.hp.com

HP HP-UX B.11.11

• HP PHNE_35484
  
  http://itrc.hp.com

HP HP-UX B.11.00

• HP PHNE_35483
  
  http://itrc.hp.com

OpenBSD OpenBSD 3.2

• OpenBSD 018_sendmail.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patc
  h

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.2-16620.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.
  2-16620.pkg

HP HP-UX 11.0 4

• HP sendmail.893.11.00.r4.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.893.11.00.r4.gz

HP HP-UX 11.11

• HP sendmail.811.11.11.r4.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.811.11.11.r4.gz
• HP sendmail.811.11.22.r5.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.811.11.22.r5.gz
• HP sendmail_893.11.11.r4.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail_893.11.11.r4.gz

HP HP-UX 11.22

• HP sendmail.811.11.22.r5.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.811.11.22.r5.gz

Sendmail Consortium Sendmail 8.10

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.10.1

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.10.2

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html
• Sun RaQ4-All-Security-2.0.2-16620.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.
  2-16620.pkg
• Sun Qube3-All-Security-4.0.1-16620.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16620.pkg
• Sun RaQXTR-All-Security-1.0.1-16620.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security-
  1.0.1-16620.pkg

Sendmail Consortium Sendmail 8.11

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.2

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.3

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.4

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html
• TurboLinux sendmail-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/
  7/updates/RPMS/sendmail-8.11.6-12.i586.rpm
• TurboLinux sendmail-cf-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/
  7/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm
• TurboLinux sendmail-doc-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/
  7/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm

Sendmail Consortium Sendmail 8.11.5

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.6

• Sendmail Consortium Sendmail 8.12.10
  
  http://www.sendmail.org/8.12.10.html
• TurboLinux sendmail-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd
  ates/RPMS/sendmail-8.11.6-12.i586.rpm
• TurboLinux sendmail-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/
  8/updates/RPMS/sendmail-8.11.6-12.i586.rpm
• TurboLinux sendmail-cf-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd
  ates/RPMS/sendmail-cf-8.11.6-12.i586.rpm
• TurboLinux sendmail-cf-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/
  8/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm
• TurboLinux sendmail-doc-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd
  ates/RPMS/sendmail-doc-8.11.6-12.i586.rpm
• TurboLinux sendmail-doc-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/
  8/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm

Sendmail Consortium Sendmail 8.12 beta12

• Sendmail Consortium Sendmail 8.12.10
  

  参考网址

  来源:US-CERT Vulnerability Note: VU#108964
  名称: VU#108964
  链接:http://www.kb.cert.org/vuls/id/108964

  来源: www.sendmail.org
  链接:http://www.sendmail.org/8.12.10.html

  来源: XF
  名称: sendmail-ruleset-parsing-bo(13216)
  链接:http://xforce.iss.net/xforce/xfdb/13216

  来源: BID
  名称: 8649
  链接:http://www.securityfocus.com/bid/8649

  来源: REDHAT
  名称: RHSA-2003:283
  链接:http://www.redhat.com/support/errata/RHSA-2003-283.html

  来源: DEBIAN
  名称: DSA-384
  链接:http://www.debian.org/security/2003/dsa-384

  来源: BUGTRAQ
  名称: 20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106398718909274&w=2

  来源: BUGTRAQ
  名称: 20030917 GLSA: sendmail (200309-13)
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106383437615742&w=2

  来源: CONECTIVA
  名称: CLA-2003:742
  链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742

  来源: MANDRAKE
  名称: MDKSA-2003:092
  链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:092

  来源: US Government Resource: oval:org.mitre.oval:def:595
  名称: oval:org.mitre.oval:def:595
  链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:595

  来源: US Government Resource: oval:org.mitre.oval:def:3606
  名称: oval:org.mitre.oval:def:3606
  链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3606