Note: This is an archival copy of Security Sun Alert 200765 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000588.1.

Category: Security
Release Phase: Resolved
Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server
Bug Id: 4924783
Date of Resolved Release: 12-APR-2005

Impact

A buffer overflow vulnerability in the sendmail(1M) daemon within the prescan() function may allow a local or remote unprivileged user to execute arbitrary code.

For more information on this issue, please see:

Contributing Factors

This issue can occur in the following releases:

Sun Linux:
Sun Cobalt:

The sendmail(1M) package version can be determined by running the following command:

    # rpm -qa | grep -i sendmail
    sendmail-8.11.6-3

Symptoms

There are no reliable symptoms that would show the described issue has been exploited.

Workaround

Until patches can be applied, sites may wish to disable sendmail(1M). To see if sendmail is enabled:

    # /sbin/chkconfig --list sendmail
    sendmail 0:off 1:off 2:off 3:on 4:on 5:on 6:off

To disable sendmail for all the run levels:

    # /sbin/chkconfig --del sendmail

Please see the man page for chkconfig(8) for more information.

Resolution

Sun Linux patches are available at:

Patches for Qube3, RaQ4, RaQ 550, RaQ XTR are available at:

Modification History

Date: 30-SEP-2003
Date: 12-APR-2005

Attachments

This solution has no attachment