Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [SECURITY] [DSA 554-1] New sendmail packages fix poten

from [debian-security-announce] Network Security [Permanent Link]
Subject: [Full-Disclosure] [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay
Date: Mon, 27 Sep 2004 20:01:30 +0200 (CEST) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 554-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 27th, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : sendmail
Vulnerability  : pre-set password
Problem-Type   : remote
Debian-specific: yes
CVE ID         : CAN-2004-0833

Hugo Espuny discovered a problem in sendmail, a commonly used program
to deliver electronic mail.  When installing "sasl-bin" to use sasl in
connection with sendmail, the sendmail configuration script use fixed
user/pass information to initialise the sasl database.  Any spammer
with Debian systems knowledge could utilise such a sendmail
installation to relay spam.

For the stable distribution (woody) this problem has been fixed in
version 8.12.3-7.1.

For the unstable distribution (sid) this problem has been fixed in
version 8.13.1-13.

We recommend that you upgrade your sendmail package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1.dsc
      Size/MD5 checksum:      751 f87d51444a4f2e04a59fafeb7f097bbc
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1.diff.gz
      Size/MD5 checksum:   258790 c2f8dcc37edf99eada5fb65b26bb9e72
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
      Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

  Architecture independent components:

    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-7.1_all.deb
      Size/MD5 checksum:   747880 2ae5775f103472f8f7941e0662786930

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_alpha.deb
      Size/MD5 checksum:   267968 69dab41dfc47d348ec7ee5603971c68b
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_alpha.deb
      Size/MD5 checksum:  1109604 9f64220f46ac154f7426450478f101dc

  ARM architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_arm.deb
      Size/MD5 checksum:   247700 6bb4396b026113ec4e12026377a18d17
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_arm.deb
      Size/MD5 checksum:   979550 718d6fb7066f753dcba7c71aa7d76ed0

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_i386.deb
      Size/MD5 checksum:   237456 111a0ee4b50eafdfdf89845dc633aa1b
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_i386.deb
      Size/MD5 checksum:   918104 ad5cc37cb435ed63022ab3a16ae01f6e

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_ia64.deb
      Size/MD5 checksum:   282146 360db5037b71cb5eab9015ae8292aca3
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_ia64.deb
      Size/MD5 checksum:  1332930 f25bedb4ac5beb5372a704a99dc4d2ac

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_hppa.deb
      Size/MD5 checksum:   261806 5aebadbfa1f4c5b63a97034a5bdd3b5a
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_hppa.deb
      Size/MD5 checksum:  1081296 1fc96f0e94f384c4f8007358243a4e5e

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_m68k.deb
      Size/MD5 checksum:   231282 8d498605748163c67d9ff0f467e01966
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_m68k.deb
      Size/MD5 checksum:   866108 b41e130ed77f5224f80178375f25664c

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_mips.deb
      Size/MD5 checksum:   255334 699b5f21580f659cd22311150bf0ba5c
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_mips.deb
      Size/MD5 checksum:  1022342 2b627d3fdc4c7c9841c6d150b33c1c2a

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_mipsel.deb
      Size/MD5 checksum:   255012 d2a7cf6d78b43bf701b836d0224c3b09
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_mipsel.deb
      Size/MD5 checksum:  1022760 9376daf26c909df8cfd6017861c9a423

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_powerpc.deb
      Size/MD5 checksum:   257484 698ab817f07d5f0d2c4acce2953f1a47
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_powerpc.deb
      Size/MD5 checksum:   978892 b6ee12aaa79ac88ba86c082e76292222

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_s390.deb
      Size/MD5 checksum:   242818 62ee8100f00289f61c741152055b6547
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_s390.deb
      Size/MD5 checksum:   966586 7c1eadeda33234516b07f8241cb88b9d

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_sparc.deb
      Size/MD5 checksum:   245470 17ff10779b02a0d5d278e2ba4221b6c6
    
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_sparc.deb
      Size/MD5 checksum:   982828 f791b2399d1b7dba4ec770ab08a68e0b


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBWFV5W5ql+IAeqTIRAogmAJwMuD69yyiTzYLDYSznqZ2B6e7Z4wCfXfrB
LK6qiE4EbeeNKoV4sQrnvB8=
=HUT6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay, debian-security-announce <=
Previous by Date:  [Full-Disclosure] Re: Yahoo! Store Security Advisory (Stuart Moore), Tim O'Guin
Next by Date:  [Full-Disclosure] New virus?, Bernardo Santos Wernesback
Previous by Thread:  [Full-Disclosure] Re: Yahoo! Store Security Advisory (Stuart Moore), Tim O'Guin
Next by Thread:  [Full-Disclosure] New virus?, Bernardo Santos Wernesback
Indexes:  [Date] [Thread] [Top] [All Lists]