-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-24
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 31 Mar 2003
Last revised : 31 Mar 2003
Package : sendmail
Summary : Remotely exploitable vulnerability in sendmail
More information :
This vulnerability is triggered by an email message with a specially
crafted address.
Impact :
This vulnerability may allow remote third party to gain the root privileges.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use turbopkg tool to apply the update.
<Turbolinux 8 Server>
Source Packages
Size : MD5
sendmail-8.12.9-1.src.rpm
1906915 de3fef2ad1cd1b871940e7025a8feb50
Binary Packages
Size : MD5
sendmail-8.12.9-1.i586.rpm
439086 a2b4989b40a028d048fbea30fedaa69a
sendmail-cf-8.12.9-1.i586.rpm
144704 03df9f89d0a6999f91bc539acb109137
sendmail-devel-8.12.9-1.i586.rpm
120464 24a021c66c52de556f4987ded6530e57
sendmail-doc-8.12.9-1.i586.rpm
426337 4efe126dcc6d2d0a86c9fdbda597cf14
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
sendmail-8.11.6-11.src.rpm
1415189 0358662121fafa8b461ba4b887b526dc
Binary Packages
Size : MD5
sendmail-8.11.6-11.i586.rpm
260435 d604944cef34710d08368a125f9db615
sendmail-cf-8.11.6-11.i586.rpm
117834 94dea006ee8f1b5d68d8ed9d612be620
sendmail-doc-8.11.6-11.i586.rpm
337936 e121912923b3f49321bb642fd8701cec
<Turbolinux 7 Server>
Source Packages
Size : MD5
sendmail-8.11.6-11.src.rpm
1415189 ad4f361f0cc4f10eedfc0becf4b6b852
Binary Packages
Size : MD5
sendmail-8.11.6-11.i586.rpm
258790 c9e820c8a61f15421e36a0af195d5d2b
sendmail-cf-8.11.6-11.i586.rpm
117842 a94e03d7e8c1d38644cad71156fea7cb
sendmail-doc-8.11.6-11.i586.rpm
338052 74b871bd3a793d7f4338b97469e2e13e
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
sendmail-8.11.6-11.src.rpm
1415189 6d07cebc586b30b30e2e2ba8159bafc2
Binary Packages
Size : MD5
sendmail-8.11.6-11.i586.rpm
258750 f0464df99922dd351eb8768b5a0cd739
sendmail-cf-8.11.6-11.i586.rpm
117748 7f67a3a4737d72e3f7717ddebb7002a9
sendmail-doc-8.11.6-11.i586.rpm
337892 e4673d4bcfc413ec269a7a107782a63d
<Turbolinux Server 6.5>
Source Packages
Size : MD5
sendmail-8.9.3-30.src.rpm
1156837 a6d4e32fdbc866478fb661a2073ed974
Binary Packages
Size : MD5
sendmail-8.9.3-30.i386.rpm
224892 e002edf718c6631f91e018e69bdd5d93
sendmail-cf-8.9.3-30.i386.rpm
113483 ea54a7b5da3e6b98cc36cfcd952b5159
sendmail-doc-8.9.3-30.i386.rpm
496538 ba87f3b6e28234989e316f81a8fb1535
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
sendmail-8.9.3-30.src.rpm
1156837 5ce219c2f38972ab736fbf984f4760e6
Binary Packages
Size : MD5
sendmail-8.9.3-30.i386.rpm
224873 b98d39d465e92644c3011b6f3310d9d9
sendmail-cf-8.9.3-30.i386.rpm
113505 88b82910273f17b3f2a58779f4c756ee
sendmail-doc-8.9.3-30.i386.rpm
496547 aa09eb1cc5548c576f287a94448a2b4f
<Turbolinux Server 6.1>
Source Packages
Size : MD5
sendmail-8.9.3-30.src.rpm
1156837 5fa1b542b4ed97673a16cb6d5c50f9b1
Binary Packages
Size : MD5
sendmail-8.9.3-30.i386.rpm
224912 5243364f55eb2826548add0735dbebe6
sendmail-cf-8.9.3-30.i386.rpm
113511 0e01a3b2fe9c449e7413f8f70e1bfa32
sendmail-doc-8.9.3-30.i386.rpm
496546 06266f81073fff72dee13c436b432b17
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
sendmail-8.9.3-30.src.rpm
1156837 559cf00f6ee2d5b5e2f7141333c93a13
Binary Packages
Size : MD5
sendmail-8.9.3-30.i386.rpm
224888 2810757ed311d4623e00ea6ee6c957c6
sendmail-cf-8.9.3-30.i386.rpm
113517 032f63d7a24ffedbace719d7f7c61f15
sendmail-doc-8.9.3-30.i386.rpm
496537 c4a4b669565d07e39009ccf9e6cc6cb3
References :
sendmail.org
http://www.sendmail.org/8.12.9.html
CERT Advisory
[CA-2003-12]
http://www.cert.org/advisories/CA-2003-12.html
--------------------------------------------------------------------------
Revision History
31 Mar 2003 Initial release
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+h84lK0LzjOqIJMwRAqXvAJ9kg6VSpKHTQ1oHj6IjrzYwEvc0qACeP5i6
H9qcufqav+N3NgVlkSmm6r8=
=Ntqt
-----END PGP SIGNATURE-----