Debian update for sendmail
Secunia Advisory: SA8797
Release Date: 2003-05-16

Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

OS: Debian GNU/Linux 2.x
Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid


Description:
Debian has issued an update for sendmail to fix a privilege escalation vulnerability.

Only a few details have been given, but the problem seems to be that the scripts expn, checksendmail and doublebounce.pl create insecure temporary files. Malicious local users could exploit this by manipulating the temporary files to gain the privileges of the user executing one of these scripts.
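
The advisory gives no details of how the temporary files are created, so the following is an added illustration of the general bug class and its fix, not code from sendmail, Debian or Secunia. It assumes the common case of a predictable file name in a shared directory; the file names (`expn.tmp`, `victim.conf`) are hypothetical, and everything runs inside a private sandbox directory.

```python
import os
import tempfile

def naive_write(path, data):
    """Unsafe pattern: open a predictable path, following any symlink."""
    with open(path, "w") as f:  # truncates whatever the path resolves to
        f.write(data)

def exclusive_write(path, data):
    """Hardened: succeed only if this call creates the file itself."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def demo():
    """Exercise both patterns in a sandbox and return what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.conf")    # constructed sample file
        predictable = os.path.join(sandbox, "expn.tmp")  # hypothetical temp name
        with open(victim, "w") as f:
            f.write("original")
        # The predictable name already exists as a link before the script runs.
        os.symlink(victim, predictable)

        naive_write(predictable, "scratch data")
        with open(victim) as f:
            results["victim_after_naive"] = f.read()

        with open(victim, "w") as f:  # restore the sample file
            f.write("original")
        try:
            exclusive_write(predictable, "scratch data")
            results["exclusive_refused"] = False
        except OSError:  # EEXIST: the name was not created by us
            results["exclusive_refused"] = True
        with open(victim) as f:
            results["victim_after_exclusive"] = f.read()

        # Preferred: unpredictable name, created exclusively, owner-only mode.
        fd, path = tempfile.mkstemp(dir=sandbox, prefix="expn.")
        os.close(fd)
        results["mkstemp_group_other_bits"] = os.stat(path).st_mode & 0o077
    return results

if __name__ == "__main__":
    print(demo())
```

In Perl scripts such as the ones named above, the equivalent of `mkstemp` is the `File::Temp` module.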

Solution:
Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.dsc
Size/MD5 checksum: 751 a7ee211817b085cd9ec16b91d9b15e40
http://security.debian.org/pool/updat.../sendmail/sendmail_8.12.3-6.4.diff.gz
Size/MD5 checksum: 254004 fdafe4a26c22db6844bfba3cf3f5c150
http://security.debian.org/pool/updat.../sendmail/sendmail_8.12.3.orig.tar.gz
Size/MD5 checksum: 1840401 b198b346b10b3b5afc8cb4e12c07ff4d

Architecture independent components:

http://security.debian.org/pool/updat...dmail/sendmail-doc_8.12.3-6.4_all.deb
Size/MD5 checksum: 747626 68962801ab229167f31f52d9b9aea4ca

Alpha architecture:

http://security.debian.org/pool/updat...il/libmilter-dev_8.12.3-6.4_alpha.deb
Size/MD5 checksum: 267738 ac9f3641c7256cd406ea6d900fcf478d
http://security.debian.org/pool/updat...endmail/sendmail_8.12.3-6.4_alpha.deb
Size/MD5 checksum: 1109330 1b259d1b5dc2b7c3d2ed35da6ff14c8d

ARM architecture:

http://security.debian.org/pool/updat...mail/libmilter-dev_8.12.3-6.4_arm.deb
Size/MD5 checksum: 247474 43abe86241c0ced4931b602505e8f194
http://security.debian.org/pool/updat.../sendmail/sendmail_8.12.3-6.4_arm.deb
Size/MD5 checksum: 979268 8618fd412f56022ba4fab7c3c20bd633

Intel IA-32 architecture:

http://security.debian.org/pool/updat...ail/libmilter-dev_8.12.3-6.4_i386.deb
Size/MD5 checksum: 237226 2044308a32e930663f6a85d67ffe29df
http://security.debian.org/pool/updat...sendmail/sendmail_8.12.3-6.4_i386.deb
Size/MD5 checksum: 917564 ec4d0e7bec9c8b2ff8825d1cdb127609

Intel IA-64 architecture:

http://security.debian.org/pool/updat...ail/libmilter-dev_8.12.3-6.4_ia64.deb
Size/MD5 checksum: 281920 52d959e3200497065a01940ecdfcd2bc
http://security.debian.org/pool/updat...sendmail/sendmail_8.12.3-6.4_ia64.deb
Size/MD5 checksum: 1332584 bcc17145035c3489bc549394c439b39c

HP Precision architecture:

http://security.debian.org/pool/updat...ail/libmilter-dev_8.12.3-6.4_hppa.deb
Size/MD5 checksum: 261588 8a723a94e65fae545477c50bc5ddbde0
http://security.debian.org/pool/updat...sendmail/sendmail_8.12.3-6.4_hppa.deb
Size/MD5 checksum: 1081110 bd650bd43791051924346261e00ebdd6

Motorola 680x0 architecture:

http://security.debian.org/pool/updat...ail/libmilter-dev_8.12.3-6.4_m68k.deb
Size/MD5 checksum: 231056 4a895563d173c29e44145799483c74c5
http://security.debian.org/pool/updat...sendmail/sendmail_8.12.3-6.4_m68k.deb
Size/MD5 checksum: 865698 f26fca022aa78eaf55c67eece4fd8b0e

Big endian MIPS architecture:

http://security.debian.org/pool/updat...ail/libmilter-dev_8.12.3-6.4_mips.deb
Size/MD5 checksum: 255082 245d7936db41f577318588ae8ae15379
http://security.debian.org/pool/updat...sendmail/sendmail_8.12.3-6.4_mips.deb
Size/MD5 checksum: 1022152 3ba322f09c8b7d55e737c0f3e483a950

Little endian MIPS architecture:

http://security.debian.org/pool/updat...l/libmilter-dev_8.12.3-6.4_mipsel.deb
Size/MD5 checksum: 254774 b3dde1b51d7adfeae424d9b7ec28310f
http://security.debian.org/pool/updat...ndmail/sendmail_8.12.3-6.4_mipsel.deb
Size/MD5 checksum: 1022550 06afa6f123968a790705e70d04aa3817

PowerPC architecture:

http://security.debian.org/pool/updat.../libmilter-dev_8.12.3-6.4_powerpc.deb
Size/MD5 checksum: 257196 787607f3b0942bdcda2524fee079b685
http://security.debian.org/pool/updat...dmail/sendmail_8.12.3-6.4_powerpc.deb
Size/MD5 checksum: 978572 c87772f045e8a195a407ca5e2bf9260b

IBM S/390 architecture:

http://security.debian.org/pool/updat...ail/libmilter-dev_8.12.3-6.4_s390.deb
Size/MD5 checksum: 242516 0432637a093525753d0d5e99ce202f9f
http://security.debian.org/pool/updat...sendmail/sendmail_8.12.3-6.4_s390.deb
Size/MD5 checksum: 966240 88034a608cb3088d6fd161ef7bac4e4b

Sun Sparc architecture:

http://security.debian.org/pool/updat...il/libmilter-dev_8.12.3-6.4_sparc.deb
Size/MD5 checksum: 245230 2803eeeb467ee54214a5eb1ed0dbe8ae
http://security.debian.org/pool/updat...endmail/sendmail_8.12.3-6.4_sparc.deb
Size/MD5 checksum: 982536 936f98f405ab5257a16ae8a7f0df98c4

Debian GNU/Linux 2.2 alias potato

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1.dsc
Size/MD5 checksum: 548 21af6ab3f17a5a7a24773f7f983ac22f
http://security.debian.org/pool/updat.../sendmail/sendmail_8.9.3-26.1.diff.gz
Size/MD5 checksum: 144132 bca5d4b77deafc3de7ddbceaf852b971
http://security.debian.org/pool/updat...s/sendmail/sendmail_8.9.3.orig.tar.gz
Size/MD5 checksum: 1068290 efedacfbce84a71d1cfb0e617b84596e

Alpha architecture:

http://security.debian.org/pool/updat...endmail/sendmail_8.9.3-26.1_alpha.deb
Size/MD5 checksum: 990020 d1e11af47d0588338f4df6eacdf1c323

ARM architecture:

http://security.debian.org/pool/updat.../sendmail/sendmail_8.9.3-26.1_arm.deb
Size/MD5 checksum: 949082 a2e76b02dbaac5f4c73d2dd67661c246

Intel IA-32 architecture:

http://security.debian.org/pool/updat...sendmail/sendmail_8.9.3-26.1_i386.deb
Size/MD5 checksum: 932162 efc055a7886aec1c676473da43a5d697

Motorola 680x0 architecture:

http://security.debian.org/pool/updat...sendmail/sendmail_8.9.3-26.1_m68k.deb
Size/MD5 checksum: 918168 61a2ebfce59a22d7507b78cdcef9ad07

PowerPC architecture:

http://security.debian.org/pool/updat...dmail/sendmail_8.9.3-26.1_powerpc.deb
Size/MD5 checksum: 934202 206721bdc8a219ec815b1ac54f7cc774

Sun Sparc architecture:

http://security.debian.org/pool/updat...endmail/sendmail_8.9.3-26.1_sparc.deb
Size/MD5 checksum: 946190 25e16f0521a4c9a0f79496de98926f41


About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
