--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2003-13
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original release date : 4 Mar 2003
Last revised : 4 Mar 2003
Package : sendmail
Summary : Vulnerability in Sendmail mail header processing.
More information :
The remotely exploitable vulnerability is triggered when an email message
containing a specially crafted header is transmitted to sendmail.
Impact :
This vulnerability may allow a remote third party to gain root privileges.
Affected Products :
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
- Turbolinux Server 6.5
- Turbolinux Advanced Server 6
- Turbolinux Server 6.1
- Turbolinux Workstation 6.0
Solution :
Please use the turbopkg tool to apply the update.
To confirm the version of the currently installed
package, issue the rpm command as follows:
# rpm -qa | grep PACKAGE-NAME
<Turbolinux 8 Server>
Source Packages
Size : MD5
sendmail-8.12.8-1.src.rpm
1155638 0d26e2de2019b49366f9f695c1b77cd5
Binary Packages
Size : MD5
sendmail-8.12.8-1.i586.rpm
224748 0e919498cce81f42b0c3c71673d662c5
sendmail-cf-8.12.8-1.i586.rpm
113462 af88996d08a4a0a99caa0e929696b441
sendmail-devel-8.12.8-1.i586.rpm
496475 5d6d65e20ba0038cfb9c302feb6898c3
sendmail-doc-8.12.8-1.i586.rpm
1155638 9ded4bfca1546536ddb75c03cb674ed1
<Turbolinux 8 Workstation>
Source Packages
Size : MD5
sendmail-8.11.6-10.src.rpm
224723 e0780366255eaf29ad6bc873fb3f5747
Binary Packages
Size : MD5
sendmail-8.11.6-10.i586.rpm
113475 38dfc8b6c8fa625966a515cb382ec089
sendmail-cf-8.11.6-10.i586.rpm
496493 32158f371c6efb444c1fdc41bd878331
sendmail-doc-8.11.6-10.i586.rpm
1155638 abb0c4b9fe46db52a605177a3c6f692d
<Turbolinux 7 Server>
Source Packages
Size : MD5
sendmail-8.11.6-10.src.rpm
224723 5840adf9197cac79f1e6817fe285f989
Binary Packages
Size : MD5
sendmail-8.11.6-10.i586.rpm
113595 c5ffd7cac470fc31b8f56d0ce2395d20
sendmail-cf-8.11.6-10.i586.rpm
496432 c4b671d3d89b7162b6b16da90342733b
sendmail-doc-8.11.6-10.i586.rpm
1413836 847cfbae58b77d7eb27b946654cc489b
<Turbolinux 7 Workstation>
Source Packages
Size : MD5
sendmail-8.11.6-10.src.rpm
258519 61e6bd0b63e17182effbc455d9743776
Binary Packages
Size : MD5
sendmail-8.11.6-10.i586.rpm
117961 86092d866ad01b70ebf258696e76b4be
sendmail-cf-8.11.6-10.i586.rpm
337982 c1859b44c794e6429a429b8f04f5cf79
sendmail-doc-8.11.6-10.i586.rpm
1898863 29908c0517db518041574d6b5cef05ee
<Turbolinux Server 6.5>
Source Packages
Size : MD5
sendmail-8.9.3-29.src.rpm
438716 c23289e0d85652febf984ab7f7af3a57
Binary Packages
Size : MD5
sendmail-8.9.3-29.i386.rpm
144477 c80140815da9a1f12ffc1cce339f1319
sendmail-cf-8.9.3-29.i386.rpm
120154 c99a3b9a09c7715055c54bb6915d8d74
sendmail-doc-8.9.3-29.i386.rpm
425573 06b71ecd686434c124fed59abd855757
<Turbolinux Advanced Server 6>
Source Packages
Size : MD5
sendmail-8.9.3-29.src.rpm
1155638 0844d66a98661e3cc13894155797d753
Binary Packages
Size : MD5
sendmail-8.9.3-29.i386.rpm
224718 82d7dcb7f729b0e203192732c0736a0f
sendmail-cf-8.9.3-29.i386.rpm
113454 8a3564cabaefbc00685b25b287e66790
sendmail-doc-8.9.3-29.i386.rpm
496459 0d88b13dd693b4245af391b65ea2d325
<Turbolinux Server 6.1>
Source Packages
Size : MD5
sendmail-8.9.3-29.src.rpm
1413836 7acf20f358e6143d81786c24514c5973
Binary Packages
Size : MD5
sendmail-8.9.3-29.i386.rpm
258529 d86bc3bfa08aa51e8277c10ee725e020
sendmail-cf-8.9.3-29.i386.rpm
118020 e22f171e821ef3813284c1d9390cbc9a
sendmail-doc-8.9.3-29.i386.rpm
337778 b7b4c83dd9128cfe3b5298b5e219301d
<Turbolinux Workstation 6.0>
Source Packages
Size : MD5
sendmail-8.9.3-29.src.rpm
1413836 4235e2ae650fc92c84566aca6f2a269a
Binary Packages
Size : MD5
sendmail-8.9.3-29.i386.rpm
260349 da9968944ceef261253c247e38fcd1b6
sendmail-cf-8.9.3-29.i386.rpm
117764 c5d32e0d56f6e34f6991f9cfcef211a0
sendmail-doc-8.9.3-29.i386.rpm
337926 e48ce12ba1ba77cf6f08a874eca05d33
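Added example (not part of the Turbolinux advisory): a checker for package listings laid out as above, where a file name line is followed by a "SIZE MD5" line. Entries are keyed by product as well as file name, because the same file name appears under several products with different checksums. The product and package names in the sample are constructed.

```python
import hashlib
import re

# Constructed sample in the advisory's layout (not real package data).
SAMPLE_LISTING = """\
<Example OS 2 Server>
Binary Packages
Size : MD5
example-1.0-1.i586.rpm
11 5eb63bbbe01eeed093cb22bb8f5acdc3
<Example OS 1 Server>
Binary Packages
Size : MD5
example-1.0-1.i586.rpm
3 900150983cd24fb0d6963f7d28e17f72
"""

PRODUCT_RE = re.compile(r"^<(.+)>$")
SUM_RE = re.compile(r"^(\d+)\s+([0-9a-fA-F]{32})$")


def parse_listing(text):
    """Return {(product, filename): (size, md5hex)} from an advisory listing."""
    entries, product, filename = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:  # "<Product>" starts a new section
            product, filename = m.group(1), None
            continue
        m = SUM_RE.match(line)
        if m and filename:  # "SIZE MD5" belongs to the preceding file name
            entries[(product, filename)] = (int(m.group(1)), m.group(2).lower())
            filename = None
        elif line.endswith(".rpm"):
            filename = line
    return entries


def check_package(entries, product, filename, data):
    """Compare downloaded bytes with the size and MD5 listed for a product."""
    if (product, filename) not in entries:
        return "not listed"
    size, md5hex = entries[(product, filename)]
    if len(data) != size:
        return "size mismatch"
    if hashlib.md5(data).hexdigest() != md5hex:
        return "md5 mismatch"
    return "ok"
```

MD5 is no longer collision resistant, so a match confirms only that the file is the one the listing describes; the authenticity of the listing itself rests on the advisory's PGP signature.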
References :
sendmail.org
http://www.sendmail.org/8.12.8.html
CERT Advisory
[CA-2003-07]
http://www.cert.org/advisories/CA-2003-07.html
JPCERT/CC
[Alert 2003-03-04]
http://www.jpcert.or.jp/at/2003/at030002.txt
--------------------------------------------------------------------------
Revision History
4 Mar 2003 Initial release
--------------------------------------------------------------------------
Copyright(C) 2003 Turbolinux, Inc. All rights reserved.