Article ID: 2831, created on Oct 29, 2007, last review on Apr 18, 2012

  • Applies to:
  • Pro Control Panel Linux

AdditionalInformation

View Knowledge
Knowledge ID 2251
Product : Ensim Pro for Linux
Version : 3.5
Topic : Hotfix

Title
Sendmail security patch release for WEBppliance for Linux 3.0.x (LS)

Summary
Sendmail security patch release for WEBppliance for Linux 3.0.x (LS)

Prevention


Details

This security patch resolves the Sendmail vulnerability.

Compatibility :

This patch requires WEBppliance 3.0.3 or 3.0.0 for Linux (LS).

Major Feature :

This patch fixes the security vulnerability mentioned below:

1. Sendmail vulnerability may allow remote attackers to gain
   root privileges by sending subversive messages.

   A buffer overflow in Sendmail 5.79 to 8.12.7 allows remote
   attackers to execute arbitrary code using certain formatted
   address fields, related to sender and recipient headercomments
   as processed by the crackaddr function of headers.c.

   Advisory details for the security patch are available at
   the following URL:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337

Installation Instructions :

Download site: (be sure to downloadusing BINARY mode)
http://download.swsoft.com/ensim/download/webppliance/linux/patches/3.0/sendmail/

1.  Download the file LS-3.0-Sendmail-patch.tar.gz

2.  Uncompress the file:
     tar -xvzf LS-3.0-Sendmail-patch.tar.gz

3.  Change the current directory to the director where you haveuncompressed the file:
     cd LS-3.0-Sendmail-patch

4.  Run the following commands to install the sendmail packages,
     # rpm -Uvh \
        sendmail-8.11.6-2ensim5.i386.rpm \
        sendmail-doc-8.11.6-2ensim5.i386.rpm \
        sendmail-cf-8.11.6-2ensim5.i386.rpm
    
    # rm -f /etc/rc.d/init.d/sendmail       

    # ln -s /etc/rc.d/init.d/sendmail_app_init /etc/rc.d/init.d/sendmail  

    # /bin/cp -f /usr/lib/opcenter/sendmail/install/smtp.pam /etc/pam.d/smtp 
    
    # /sbin/service sendmail restart


Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
6/16/2006 2:27:39 AM10 10/12/2007 4:01:18 AM

4cc899da08664637a8bc437308d3ddd7 3ccb419cf98083f3bb45808fba8dbc7c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF