Sendmail prescan头处理远程溢出漏洞

admin
admin
admin
0
文章
0
评论
2022-07-12 10:10:25 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Sendmail prescan头处理远程溢出漏洞

  • CNNVD编号:CNNVD-200310-019
  • 危害等级: 超危
  • CVE编号: CVE-2003-0694
  • 漏洞类型: 边界条件错误
  • 发布时间: 2003-09-17
  • 威胁类型: 远程
  • 更新时间: 2006-08-24
  • 厂        商: turbolinux
  • 漏洞来源: Michal Zalewski※ l...

漏洞简介

Sendmail是一款互联网上最流行的邮件传输代理(MTA)。 Sendmail中的prescan()函数(与 http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=4625 描述的漏洞不同)存在问题,远程攻击者可以利用这个漏洞可能以Sendmail进程权限在系统上执行任意指令。 在Linux上的本地利用方法可以通过recipient.c和sendtolist(),利用用户提交的数据覆盖指针,在调用free()函数时可能导致指令重定向,攻击者可以构建恶意邮件消息提交给Sendmail解析可能以Sendmail进程权限在系统上执行任意指令。一般的利用方式是通过parseaddr()函数间接调用prescan()函数来覆盖一些数据结构来触发溢出,也有可能存在其他的利用方式,远程利用此漏洞也是可能的。

漏洞公告

临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:

* 停止使用Sendmail。

* 在配置文件中设置RunAsUser选项。但这仅能减小攻击所带来的威胁,并不能

彻底消除安全漏洞。 厂商补丁: Conectiva --------- Conectiva已经为此发布了一个安全公告(CLA-2003:742)以及相应补丁:

CLA-2003:742:sendmail

链接: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000742

补丁下载:

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-8.11.6-1U70_5cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-cf-8.11.6-1U70_5cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sendmail-doc-8.11.6-1U70_5cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/sendmail-8.11.6-1U70_5cl.src.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-8.11.6-2U80_5cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-cf-8.11.6-2U80_5cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/sendmail-doc-8.11.6-2U80_5cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/SRPMS/sendmail-8.11.6-2U80_5cl.src.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-8.12.5-26986U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-cf-8.12.5-26986U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-doc-8.12.5-26986U90_3cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/sendmail-8.12.5-26986U90_3cl.src.rpm Debian ------ Debian已经为此发布了一个安全公告(DSA-384-1)以及相应补丁:

DSA-384-1:New sendmail packages fix buffer overflows

链接: http://www.debian.org/security/2002/dsa-384

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6.dsc

Size/MD5 checksum: 751 a7d0da0bedbe35592233cb9ce710f551

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6.diff.gz

Size/MD5 checksum: 255026 5a86a93275a55af8c92677469c4a8cd3

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz

Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d

http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5.dsc

Size/MD5 checksum: 738 cc23a68bcf23332d560086c3c55cd16a

http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5.diff.gz

Size/MD5 checksum: 327218 7f2fc2d0efe7935713b2d77dec66359c

http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz

Size/MD5 checksum: 1870451 4c7036e8042bae10a90da4a84a717963

Architecture independent components:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.6_all.deb

Size/MD5 checksum: 747778 9c4362147654d4f28d8346fa4ad84ed0

Alpha architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_alpha.deb

Size/MD5 checksum: 267842 4f53274558b9e29ca341721a68fb4adc

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_alpha.deb

Size/MD5 checksum: 1109340 78cb6eb6b340e5dc52982889532a844a

http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_alpha.deb

Size/MD5 checksum: 440712 b22b97caba3652ef2a7d9f35633e3040

ARM architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_arm.deb

Size/MD5 checksum: 247568 ac8f0778eb56f7c0a852fdc54ef071b1

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_arm.deb

Size/MD5 checksum: 979454 6b9898686e6361abe657c5fd75d962c5

http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_arm.deb

Size/MD5 checksum: 369568 3baf5caa46b2c9d0b67c6d60f47d8030

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_i386.deb

Size/MD5 checksum: 237374 0662e6e9bb58db37a1d8f511e4ba2fce

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_i386.deb

Size/MD5 checksum: 917848 3717265bb7ed3f5bd81fb9a712826cec

http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_i386.deb

Size/MD5 checksum: 328914 23af5c312cef6a53f000f4663980b11d

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_ia64.deb

Size/MD5 checksum: 282028 a35b9ca4cfc7a1c1ec6bdb1f2e00d8bb

http://security.debian.org/po

参考网址

来源:CERT/CC Advisory: CA-2003-25 名称: CA-2003-25 链接:http://www.cert.org/advisories/CA-2003-25.HTML 来源:US-CERT Vulnerability Note: VU#784980 名称: VU#784980 链接:http://www.kb.cert.org/vuls/id/784980 来源: www.sendmail.org 链接:http://www.sendmail.org/8.12.10.HTML 来源: REDHAT 名称: RHSA-2003:284 链接:http://www.redhat.com/support/errata/RHSA-2003-284.HTML 来源: REDHAT 名称: RHSA-2003:283 链接:http://www.redhat.com/support/errata/RHSA-2003-283.HTML 来源: DEBIAN 名称: DSA-384 链接:http://www.debian.org/security/2003/dsa-384 来源: BUGTRAQ 名称: 20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106398718909274&w=2 来源: BUGTRAQ 名称: 20030917 GLSA: sendmail (200309-13) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106383437615742&w=2 来源: BUGTRAQ 名称: 20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106382859407683&w=2 来源: BUGTRAQ 名称: 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2 来源: CONECTIVA 名称: CLA-2003:742 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 来源: VULNWATCH 名称: 20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug 链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.HTML 来源: FULLDISC 名称: 20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694] 链接:http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.HTML 来源: SCO 名称: SCOSA-2004.11 链接:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt 来源: MANDRAKE 名称: MDKSA-2003:092 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 来源: US Government Resource: oval:org.mitre.oval:def:603 名称: oval:org.mitre.oval:def:603 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:603 来源: US Government Resource: oval:org.mitre.oval:def:572 名称: oval:org.mitre.oval:def:572 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:572 来源: US Government Resource: oval:org.mitre.oval:def:2975 名称: oval:org.mitre.oval:def:2975 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2975

受影响实体

  • Turbolinux Turbolinux_workstation:8.0  
  • Turbolinux Turbolinux_workstation:7.0  
  • Turbolinux Turbolinux_workstation:6.0  
  • Turbolinux Turbolinux_server:8.0  
  • Turbolinux Turbolinux_server:7.0  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0