Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-278-1:72E2F
HistoryApr 04, 2003 - 12:00 a.m.

[SECURITY] [DSA 278-1] New sendmail packages fix denial of service

2003-04-0400:00:00
lists.debian.org
12

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.172 Low

EPSS

Percentile

96.1%

JSON

Debian Security Advisory DSA 278-1 [email protected]
http://www.debian.org/security/ Martin Schulze
April 4th, 2003 http://www.debian.org/security/faq

Package : sendmail
Vulnerability : char-to-int conversion
Problem-Type : local, maybe remote
Debian-specific: no
CVE Id : CAN-2003-0161
CERT Id : VU#897604 CA-2003-12

Michal Zalewski discovered a buffer overflow, triggered by a char to
int conversion, in the address parsing code in sendmail, a widely used
powerful, efficient, and scalable mail transport agent. This problem
is potentially remotely exploitable.

For the stable distribution (woody) this problem has been
fixed in version 8.12.3-6.2.

For the stable distribution (woody) this problem has been
fixed in version 8.9.3-26.

For the unstable distribution (sid) this problem has been
fixed in version 8.12.9-1.

We recommend that you upgrade your sendmail packages.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
  Size/MD5 checksum:      649 f11b024ef774130f7918b882a7318c78
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
  Size/MD5 checksum:   143360 2e9868662e4e28e548ed9f6da2982b41
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
  Size/MD5 checksum:  1068290 efedacfbce84a71d1cfb0e617b84596e

Alpha architecture:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
  Size/MD5 checksum:   989736 a435c32c79785261bd0e7ec921718915

ARM architecture:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
  Size/MD5 checksum:   948306 1bdd277a28bd6a6c3c812053d11b1edd

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
  Size/MD5 checksum:   931838 36c569e21502a246dbdfba711b54842e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
  Size/MD5 checksum:   917632 8ed928ac433a6be8d3144bb435bf1cfd

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
  Size/MD5 checksum:   933820 000557eff8d57fa2e479e8df52348f0b

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
  Size/MD5 checksum:   945760 c2e0e3d1edb05a00d3e5b0d8ca1053c8

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.dsc
  Size/MD5 checksum:      761 9eae4393094b7b163ecdddcd16dad19e
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2.diff.gz
  Size/MD5 checksum:   253152 1fcbf7838b267d06a8c6258d3ff56488
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
  Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

Architecture independent components:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.2_all.deb
  Size/MD5 checksum:   747408 5d83e06ac78cb55eabb9334235ec82ab

Alpha architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_alpha.deb
  Size/MD5 checksum:   267450 a8fd2edcabf581c8cef66fc1dcb5a8aa
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_alpha.deb
  Size/MD5 checksum:  1218398 cf5503083ecacd7049171922e2fe15c7

ARM architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_arm.deb
  Size/MD5 checksum:   247160 2a01bee8674426bc1a3ef3c40a39e4a1
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_arm.deb
  Size/MD5 checksum:  1066282 2dc41903235f6a88de369807e633f8c9

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_i386.deb
  Size/MD5 checksum:   236942 fb790940bcdfcd6231db136c6d381cb5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_i386.deb
  Size/MD5 checksum:  1003484 b995fe58b4669c44eb52182dd9418418

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_ia64.deb
  Size/MD5 checksum:   281624 52e26ea36d2368392903adf05d89dd34
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_ia64.deb
  Size/MD5 checksum:  1482096 046c02549910b1a8392ddef7a562e5d9

HP Precision architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_hppa.deb
  Size/MD5 checksum:   261292 004fae2b6c8a12754521a18aa8086587
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_hppa.deb
  Size/MD5 checksum:  1183440 4fdef1c4f769dc00819e0c50baefb542

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_m68k.deb
  Size/MD5 checksum:   230756 eb81cfe3246e10351b018a16e29256cf
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_m68k.deb
  Size/MD5 checksum:   941698 18db8d5f9145f614525bca339b115aac

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mips.deb
  Size/MD5 checksum:   254796 bde3bab2d8ca1cb7703284fb91ef1317
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mips.deb
  Size/MD5 checksum:  1125560 cb304f8b210a750d63596649ba4e7b98

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_mipsel.deb
  Size/MD5 checksum:   254492 94d3ac5c26ff850e528c8daa51b725d2
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_mipsel.deb
  Size/MD5 checksum:  1126774 d47df658c70fa4f25fd83b1fa28c8a87

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_powerpc.deb
  Size/MD5 checksum:   256894 a3b2e7c0ce91f7d539d9f0494b71a236
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_powerpc.deb
  Size/MD5 checksum:  1073152 afd5d2e123ec40833f6e8b8143a0afbe

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_s390.deb
  Size/MD5 checksum:   242242 a87e4e47fcaacc7d289b8431d5c665d5
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_s390.deb
  Size/MD5 checksum:  1049752 32146f341d640d20afb522b4653e8b75

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.2_sparc.deb
  Size/MD5 checksum:   244946 d55d99adf61e55a08a0fa91a65ffca67
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.2_sparc.deb
  Size/MD5 checksum:  1069378 0383d42cdb29769f398df70bee7ea8b5

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

securityvulns 2
nessus 9
openvas 6
redhat 1
debian 5
osv 2
suse 1
cert 1
nvd 1
debiancve 1
cve 1
cvelist 1
securityvulns
securityvulns
CERT Advisory CA-2003-12 Buffer Overflow in Sendmail
2003-03-31 00:00:00
Sendmail: -1 gone wild
2003-03-31 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)
2004-07-31 00:00:00
Debian DSA-290-1 : sendmail-wide - char-to-int conversion
2004-09-29 00:00:00
RHEL 2.1 : sendmail (RHSA-2003:121)
2004-07-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 278-2 (sendmail)
2008-01-17 00:00:00
Debian Security Advisory DSA 290-1 (sendmail-wide)
2008-01-17 00:00:00
Debian Security Advisory DSA 278-2 (sendmail)
2008-01-17 00:00:00
redhat
redhat
(RHSA-2003:121) sendmail security update
2003-03-31 00:00:00
debian
debian
[SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution
2003-04-04 14:57:35
[SECURITY] [DSA 278-1] New sendmail packages fix denial of service
2003-04-04 13:08:30
[SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution
2003-04-17 00:00:00
osv
osv
sendmail-wide - char-to-int conversion
2003-04-17 00:00:00
sendmail - char-to-int conversion
2003-04-04 00:00:00
suse
suse
local/remote privilege escalation in sendmail, sendmail-tls
2003-04-01 17:21:29
cert
cert
Sendmail address parsing buffer overflow
2003-03-29 00:00:00
nvd
nvd
CVE-2003-0161
2003-04-02 05:00:00
debiancve
debiancve
CVE-2003-0161
2003-04-02 05:00:00
cve
cve
CVE-2003-0161
2003-04-02 05:00:00
cvelist
cvelist
CVE-2003-0161
2003-04-01 05:00:00

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.172 Low

EPSS

Percentile

96.1%

JSON
Related for DEBIAN:DSA-278-1:72E2F
securityvulns2nessus9openvas6redhat1debian5osv2suse1cert1nvd1debiancve1cve1cvelist1