[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] SCOSA-2006.24 Sendmail Arbitrary Code Execution Vulnerability
- To: security-announce@xxxxxxxxxxxx
- Subject: [Full-disclosure] SCOSA-2006.24 Sendmail Arbitrary Code Execution Vulnerability
- From: SCO Security Advisories <security@xxxxxxx>
- Date: Mon, 22 May 2006 09:02:40 -0700
--
Dr. Ronald Joe Record
SCO Security Officer
rr@xxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: Sendmail Arbitrary Code Execution Vulnerability
Advisory number: SCOSA-2006.24
Issue date: 2006 May 21
Cross reference: fz533700
CVE-2006-0058
______________________________________________________________________________
1. Problem Description
Sendmail could allow a remote attacker to execute arbitrary code as
root, caused by a signal race vulnerability.
The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2006-0058 to
this issue.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3 sendmail
mailstats
praliiases
rmail
smrsh
makemap
UnixWare 7.1.4 sendmail
mailstats
praliiases
rmail
smrsh
makemap
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3
4.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24
4.2 Verification
MD5 (p533700.713.image) = 2c33879a5f676c79efe1e78cadb2aeb8
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.3 Installing Fixed Binaries
The following packages should be installed on your system before
you install this fix:
UnixWare 7.1.3 Maintenance Pack 5
http://www.sco.com/support/update/download/release.php?rid=96
Upgrade the affected binaries with the following sequence:
Download p533700.713.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533700.713.image
5. UnixWare 7.1.4
5.1 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24
5.2 Verification
MD5 (p533700.714.image) = 0a3a7c95a68e1ca3e5916e40e9dfa0ae
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
5.3 Installing Fixed Binaries
The following packages should be installed on your system before
you install this fix:
UnixWare 7.1.4 Maintenance Pack 3
http://www.sco.com/support/update/download/release.php?rid=126
Upgrade the affected binaries with the following sequence:
Download p533700.714.image to the /var/spool/pkg directory
# pkgadd -d /var/spool/pkg/p533700.714.image
6. References
Specific references for this advisory:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://www.sendmail.org/
SCO security resources:
http://www.sco.com/support/security/index.html
SCO security advisories via email
http://www.sco.com/support/forums/security.html
This security fix closes SCO incidents fz533700.
7. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
8. Acknowledgments
Marc Bejarano is credited with the discovery of this vulnerability.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (SCO_SV)
iD8DBQFEcSxeaqoBO7ipriERAtnOAJ4l8SWkkFxTYf8T8iD9P4UFQBqX0QCfZld8
m4gPf3unHlkCKdp/9PbXL9Y=
=vpKs
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/