Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:028 (sendmail)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50692

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:028 (sendmail)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to sendmail
announced via advisory MDKSA-2003:028.

A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force
that involves mail header manipulation that can result in a remote
user gaining root access to the system running the vulnerable
sendmail.

Patches supplied by the sendmail development team have been applied to
correct this issue. MandrakeSoft encourages all users who have chosen
to use sendmail (as opposed to the default MTA, postfix) to upgrade to
this version of sendmail immediately.

Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1337
http://www.kb.cert.org/vuls/id/398025
http://www.cert.org/advisories/CA-2003-07.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: BugTraq ID: 6991
Common Vulnerability Exposure (CVE) ID: CVE-2002-1337
AIX APAR: IY40500
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
AIX APAR: IY40501
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
AIX APAR: IY40502
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
http://www.securityfocus.com/bid/6991
Bugtraq: 20030303 Fwd: APPLE-SA-2003-03-03 sendmail (Google Search)
http://marc.info/?l=bugtraq&m=104678862109841&w=2
Bugtraq: 20030303 sendmail 8.12.8 available (Google Search)
http://marc.info/?l=bugtraq&m=104673778105192&w=2
Bugtraq: 20030304 GLSA: sendmail (200303-4) (Google Search)
http://marc.info/?l=bugtraq&m=104678862409849&w=2
Bugtraq: 20030304 [LSD] Technical analysis of the remote sendmail vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=104678739608479&w=2
Caldera Security Advisory: CSSA-2003-SCO.5
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Caldera Security Advisory: CSSA-2003-SCO.6
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
http://www.cert.org/advisories/CA-2003-07.html
CERT/CC vulnerability note: VU#398025
http://www.kb.cert.org/vuls/id/398025
Conectiva Linux advisory: CLA-2003:571
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Debian Security Information: DSA-257 (Google Search)
http://www.debian.org/security/2003/dsa-257
FreeBSD Security Advisory: FreeBSD-SA-03:04
HPdes Security Advisory: HPSBUX0302-246
http://marc.info/?l=bugtraq&m=104679411316818&w=2
ISS Security Advisory: 20030303 Remote Sendmail Header Processing Vulnerability
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
NETBSD Security Advisory: NetBSD-SA2003-002
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://www.redhat.com/support/errata/RHSA-2003-074.html
http://www.redhat.com/support/errata/RHSA-2003-227.html
SGI Security Advisory: 20030301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
SuSE Security Announcement: SuSE-SA:2003:013 (Google Search)
http://www.iss.net/security_center/static/10748.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50692
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:028 (sendmail)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sendmail announced via advisory MDKSA-2003:028. A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1337 http://www.kb.cert.org/vuls/id/398025 http://www.cert.org/advisories/CA-2003-07.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 6991 Common Vulnerability Exposure (CVE) ID: CVE-2002-1337 AIX APAR: IY40500 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only AIX APAR: IY40501 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only AIX APAR: IY40502 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only http://www.securityfocus.com/bid/6991 Bugtraq: 20030303 Fwd: APPLE-SA-2003-03-03 sendmail (Google Search) http://marc.info/?l=bugtraq&m=104678862109841&w=2 Bugtraq: 20030303 sendmail 8.12.8 available (Google Search) http://marc.info/?l=bugtraq&m=104673778105192&w=2 Bugtraq: 20030304 GLSA: sendmail (200303-4) (Google Search) http://marc.info/?l=bugtraq&m=104678862409849&w=2 Bugtraq: 20030304 [LSD] Technical analysis of the remote sendmail vulnerability (Google Search) http://marc.info/?l=bugtraq&m=104678739608479&w=2 Caldera Security Advisory: CSSA-2003-SCO.5 ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Caldera Security Advisory: CSSA-2003-SCO.6 ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 http://www.cert.org/advisories/CA-2003-07.html CERT/CC vulnerability note: VU#398025 http://www.kb.cert.org/vuls/id/398025 Conectiva Linux advisory: CLA-2003:571 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Debian Security Information: DSA-257 (Google Search) http://www.debian.org/security/2003/dsa-257 FreeBSD Security Advisory: FreeBSD-SA-03:04 HPdes Security Advisory: HPSBUX0302-246 http://marc.info/?l=bugtraq&m=104679411316818&w=2 ISS Security Advisory: 20030303 Remote Sendmail Header Processing Vulnerability http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 NETBSD Security Advisory: NetBSD-SA2003-002 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222 http://www.redhat.com/support/errata/RHSA-2003-073.html http://www.redhat.com/support/errata/RHSA-2003-074.html http://www.redhat.com/support/errata/RHSA-2003-227.html SGI Security Advisory: 20030301-01-P ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P SuSE Security Announcement: SuSE-SA:2003:013 (Google Search) http://www.iss.net/security_center/static/10748.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com