This Security Patch resolves the Sendmail vulnerability that allows local and possibly remote attackers to gain root privileges.
This Patch requires WEBppliance 3.1.8 to be installed on your server.
NOTE : This patch will not install on any other version of WEBppliance other than 3.1.8
This patch fixes the Security vulnerabilities mentioned below :
- Sendmail vulnerability that allows local and possibly remote attackers to
gain root privileges.
There is a vulnerability in Sendmail versions prior to and including 8.12.8. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. Although no exploit currently exists, this issue is probably locally exploitable and may also be remotely exploitable.
Advisory details for the security patch are available at the following URL: http://rhn.redhat.com/errata/RHSA-2003-120.html
Installation Instructions :
Download site: (be sure to downloadusing BINARY mode)
- Download the file LS-3.1.9-2.tar.gz
- Uncompress the file:
tar -xvzf LS-3.1.9-2.tar.gz
- Change the current directory to the directory where you have uncompressed the file:
- Run the following command
# sh ./patch-install-3.1.9-2.sh
The install script verifies the current installation of WEBppliance to ensure that it complies with the patch requirements and then upgrades the required RPMs (requires root access).
- This install script will restart the sendmail service automatically.