Note: This is an archival copy of Security Sun Alert 200765 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000588.1.
Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server
Date of Resolved Release
A buffer overflow vulnerability in the sendmail(1M) daemon within the prescan() function may allow a local or remote unprivileged user to execute arbitrary code.
For more information on this issue, please see:
This issue can occur in the following releases:
The sendmail(1M) package version can be determined by running the following command:
# rpm -qa | grep -i sendmail sendmail-8.11.6-3
There are no reliable symptoms that would show the described issue has been exploited.
Until patches can be applied, sites may wish to disable sendmail(1M).
To see if sendmail is enabled:
# /sbin/chkconfig --list sendmail sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off
To disable sendmail for all the run levels:
# /sbin/chkconfig --del sendmail
Please see the man page for chkconfig(8) for more information.
Sun Linux patches are available at:
Patches for Qube3, RaQ4, RaQ 550, RaQ XTR are available at:
This solution has no attachment