This security patch resolves the Sendmail vulnerability.
This patch requires WEBppliance 3.0.3 or 3.0.0 for Linux (LS).
Major Feature :
This patch fixes the security vulnerability mentioned below:
1. Sendmail vulnerability may allow remote attackers to gain
root privileges by sending subversive messages.
A buffer overflow in Sendmail 5.79 to 8.12.7 allows remote
attackers to execute arbitrary code using certain formatted
address fields, related to sender and recipient headercomments
as processed by the crackaddr function of headers.c.
Advisory details for the security patch are available at
the following URL:
Installation Instructions :
Download site: (be sure to downloadusing BINARY mode)
1. Download the file LS-3.0-Sendmail-patch.tar.gz
2. Uncompress the file:
tar -xvzf LS-3.0-Sendmail-patch.tar.gz
3. Change the current directory to the director where you haveuncompressed the file:
4. Run the following commands to install the sendmail packages,
# rpm -Uvh \
# rm -f /etc/rc.d/init.d/sendmail
# ln -s /etc/rc.d/init.d/sendmail_app_init /etc/rc.d/init.d/sendmail
# /bin/cp -f /usr/lib/opcenter/sendmail/install/smtp.pam /etc/pam.d/smtp
# /sbin/service sendmail restart