Date: 14 October 2003
References: ESB-2003.0583
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2003.0716 -- HEWLETT-PACKARD COMPANY SECURITY BULLETIN
SSRT3531 - HP Tru64 UNIX, HP-UX sendmail buffer overflow
14 October 2003
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: sendmail
Operating System: HP Tru64 UNIX V5.1B
HP Tru64 UNIX V5.1A
HP Tru64 UNIX V5.1
HP Tru64 UNIX V5.0A
HP Tru64 UNIX V4.0G
HP Tru64 UNIX V4.0F
HP-UX release 11.11 (11i)
HP-UX release 11.04 (VVOS)
HP-UX release 11.00
HP-UX release 10.20
HP-UX release 10.10
HP AlphaServer SC (Sierra Cluster)
HP Internet Express V5.4, V5.7, V5.8, V5.9, V6.0
HP AltaVista Firewall (AVFW98 / Raptor EC)
HP NonStop-UX (PUMA and Whitney platforms)
HP ProLiant Servers
Impact: Denial of Service
Increased Privileges
Access Required: Remote
CVE Names: CAN-2003-0161
Ref: AA-2003.01
AL-2003.05
ESB-2003.0583
Comment: The PGP signature for the HP bulletin is bad, however AusCERT
have independently verified the contents as being valid. Refer:
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?countrycode=1000&prodid=5730&source=SRB0074W.xml&dt=11&docid=16486
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SECURITY BULLETIN
REVISION: 1
SSRT3531 - HP Tru64 UNIX, HP-UX sendmail buffer overflow
Potential Security Vulnerability
- - ----------------------------------------------------------
NOTICE: There are no restrictions for distribution of this
Bulletin provided that it remains complete and intact.
RELEASE DATE: 10 October 2003
SEVERITY: 1
SOURCE: HEWLETT-PACKARD COMPANY
Software Security Response Team
REFERENCE: CERT CA-2003-12
PROBLEM SUMMARY
This bulletin has been updated to include a revised ERP kit
for HP Tru64 UNIX V5.1
This bulletin will be posted to the support
website within 24 hours of release to - www.hp.com
Use the SEARCH IN feature box, enter SSRT3531 in the search
window.
SSRT3531 sendmail - (Severity - High)
A potential security vulnerability has been reported that
may result in unauthorized Privileged Access or a Denial
of Service (DoS). This potential vulnerability may be in
the form of local and remote security domain risks.
VERSIONS IMPACTED
HP Tru64 UNIX V5.1B
HP Tru64 UNIX V5.1A
HP Tru64 UNIX V5.1
HP Tru64 UNIX V5.0A
HP Tru64 UNIX V4.0G
HP Tru64 UNIX V4.0F
HP-UX release 11.11 (11i)
HP-UX release 11.04 (VVOS)
HP-UX release 11.00
HP-UX release 10.20
HP-UX release 10.10
HP AlphaServer SC (Sierra Cluster)
HP Internet Express V5.4, V5.7, V5.8, V5.9, V6.0
HP AltaVista Firewall (AVFW98 / Raptor EC)
HP NonStop-UX (PUMA and Whitney platforms)
HP ProLiant Servers
NOT IMPACTED
HP-MPE/ix
HP NonStop Servers
HP OpenVMS
RESOLUTION
HP Tru64 UNIX
Early Release Patches (ERPs) are now available for all
supported versions of HP Tru64 UNIX and HP TruCluster
Server. The ERP kits use dupatch to install and will not
install over any Customer Specific Patches (CSPs) which
have file intersections with the ERPs. Contact your
normal support channel and request HP Tru64 services
elevate a case to Support Engineering if a CSP must be
merged with one of the ERPs.
The following ERP kits are applicable to any system
running HP Tru64 UNIX and HP TruCluster Server software.
The ERPs are designed for clustered and non-clustered
systems.
Please review the README file for each patch prior to
installation.
The ERP kits DO have file intersections with the following
previously released ERPs:
SSRT3469 - HP Tru64 UNIX sendmail Potential Security
Vulnerability
The Early Release Patch (ERP) corrections in this Security
Bulletin contain the corrections in SSRT3469 and are
designed to install standaloneor seamlessly over the
previous SSRT3469 patch kits.
Checking sendmail version information
To verify installation of the patch kit please run the
following command. You should see the patch information
indicating the security patches have been applied to your
version of sendmail.
# /usr/sbin/sendmail -d0.1 Version 8.9.3
Compiled with: LDAPMAP LOG MATCHGECOS MIME7TO8 MIME8TO7
NAMED_BIND NDBM NETINET NETUNIX NEWDB NIS QUEUE SCANF SMTP
USERDB XDEBUG
Includes patches for: SSRT3469 SSRT3531
For alternatives to using the Dupach ERP kit solutions
provided below please see the following Web page:
http://h30097.www3.hp.com/unix/AlternativesToUsingDupatch.ht
HP Tru64 UNIX/TruCluster Server V5.1B
Prerequisite: V5.1B with PK1 (BL1) installed
ERP Kit Name: T64V51BB1-C0008000-17812-ES-20030403.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1b/
HP Tru64 UNIX/TruCluster Server 5.1A
Prerequisite: V5.1A with PK4 (BL21) installed
ERP Kit Name: T64V51AB21-C0112900-17770-ES-20030402.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1a/
HP Tru64 UNIX/TruCluster Server V5.1
Prerequisite: V5.1 with PK6 (BL20) installed
ERP Kit Name: T64KIT0020139-V51B20-ES-20031001.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v5.1/
HP Tru64 UNIX/TruCluster Server 5.0A
PREREQUISITE: Tru64 UNIX/TruCluster Server with PK3 (BL17)
installed
Please submit an IPMT case to request the 5.0A patch kit
for this SSRT.
HP Tru64 UNIX/TruCluster Server V4.0G
Prerequisite: V4.0G with PK3 (BL17) installed
ERP Kit Name: T64V40GB17-C0029200-17810-ES-20030403.tar
Kit Location:
ftp://ftp1.support.compaq.com/public/unix/v4.0g/
HP Tru64 UNIX/TruCluster V4.0F
Prerequisite: V4.0F with PK7 (BL18) installed
ERP Kit Name: DUV40FB18-C0093400-17811-ES-20030403.tar
ftp://ftp1.support.compaq.com/public/unix/v4.0f/
Please review the README file for each patch prior to
installation.
The fixes contained in the ERP kits will be available
in the following mainstream patch kits:
HP Tru64 UNIX 5.1B PK2
HP Tru64 UNIX 5.1A PK5
HP Tru64 UNIX 4.0G PK4
HP Tru64 UNIX 4.0F PK8
Information on how to verify MD5 and SHA1 checksums is
available at:
http://www.support.compaq.com/patches/whats-new.shtml
After completing the update, HP strongly recommends that you
perform an immediate backup of the system disk so that any
subsequent restore operations begin with updated software.
Otherwise, the updates must be re-applied after a future
restore operation. Also, if at some future time the system
is upgraded to a later patch release or version release,
reinstall the appropriate ERP.
HP AlphaServer SC (Sierra Cluster)
Customer should contact their normal HP support channel and
request early release patch kits for case SSRT3531 sendmail.
HP-UX
REF: SSRT3531
HP has provided notice of the availability of any necessary
solutions through the standard Security Bulletin announcement
Security Bulletin HPSBUX0304-253 and is available from your
normal HP Services support channel and will be available from:
http://itrc.hp.com
AVAILABILITY:Fixes are available for 10.20, 11.00, 11.04(VVOS),
and 11.11. This bulletin will be revised when
fixes are available for 10.10 and 11.22
Please review the Security Bulletin and README file(s) prior
to installation.
HP Internet Express for Tru64 UNIX
For any additional detail or questions, please contact your
normal HP Support channel for HP Internet Express for
HP Tru64 UNIX.
HP AltaVista Firewall
As the AltaVista Firewall SMTP Mail proxy invokes the sendmail
program locally on the server it's installed on making it
necessary to upgrade this version of Sendmail to the version
which has been produced by the HP Tru64 UNIX engineering group
in response to this reported potential sendmail vulnerability.
Please contact your normal HP (AVFW98 / Raptor EC) Support
channel for any additional solution information.
HP NonStop-UX
Please contact your normal HP NonStop-UX (PUMA and Whitney
platforms) Support channel for any additional solution
information.
HP ProLiant Servers
A cumulative solution is available from Sendmail Inc. and the
Sendmail Consortium that corrects the security issues and
provides a security patch for systems running Sendmail as
their mail transfer agent. The commercial "Sendmail Switch"
patch is located at the following Sendmail Inc.
IMPORTANT: Servers that have received the Sendmail security
pdate at the beginning of March are still potentially exposed
by this recent security vulnerability. However, the current
security patch provides a cumulative solution for the issue
announced at the end of March and the recently discovered
issue. See the Resolution section for information on the
current security patch.
URL:http://www.sendmail.com/security/index.shtml
If running Open Source Sendmail, refer to the following
Sendmail Consortium URL for patch details or upgrades:
http://www.sendmail.org/
Additional solution information is available in article
available by using the search window at www.hp.com
(enter: CB0165W).
SUPPORT: For further information, contact HP Services.
SUBSCRIBE: To subscribe to automatically receive future
Security Advisories from the Software Security Response
Team via electronic mail:
http://www.support.compaq.com/patches/mail-list.shtml
REPORT: To report a potential security vulnerability with
any HP supported product, send email to:
security-alert@hp.com
As always, HP urges you to periodically review your system
management and security procedures. HP will continue to
review and enhance the security features of its products
and work with our customers to maintain and improve the
security and integrity of their systems.
"HP is broadly distributing this Security Bulletin in order
to bring to the attention of users of the affected
HP products the important security information contained
in this Bulletin. HP recommends that all users determine
the applicability of this information to their individual
situations and take appropriate action. HP does not warrant
that this information is necessarily accurate or complete for
all user situations and, consequently, HP will not be
responsible for any damages resulting from user's use or
disregard of the information provided in this Bulletin."
©Copyright 2001, 2003 Hewlett-Packard Development
Company, L.P.
Hewlett-Packard Company shall not be liable for technical
or editorial errors or omissions contained herein.
The information in this document is subject to change
without notice. Hewlett-Packard Company and the names of
Hewlett-Packard products referenced herein are trademarks
of Hewlett-Packard Company in the United States and other
countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
- -----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
iQA/AwUBP4cD5+AfOvwtKn1ZEQJbNACgwKLcrlj1RjKxOxe3cg3X/Nvu0w4AoIfQ
z/XqWZLZcMFt8bOjqD1MG+5V
=pySG
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call after hours
for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBP4tSoyh9+71yA2DNAQEjDAP/SRZIkxhe4NKF3tsEajOSp9s9rcq685Xv
FOGtb7asoD+e7Tb0WUH6ePzIDCjYTeK+4F+KM4cnoOKDqQvHhAZZcOsYmqSco+Pm
5WZg3glYTSQsiZ7ThbvZmKBLDURg9FaHjIkJN6PSRQy4c6R/XSJIjnKoDG+8yFTI
BiEKYh4b1P8=
=jFxV
-----END PGP SIGNATURE-----
|