WEBppliance 3.0.0, 3.0.2, 3.0.4 LH Only
This fix provides a security patch that resolves a Sendmail vulnerability that may allow remote attackers to gain root privileges by sending subversive messages. You can apply this fix on any of the following WEBppliance versions.
- Version 3.0.0-56
- Version 3.0.2-56
- Version 3.0.4-17
Important: Make sure that your WEBppliance version is upgraded to one of the above versions before applying this fix. Only the above versions have been tested successfully with this Sendmail fix.
About Sendmail upgrade for WEBppliance 3.0.4/3.0.2/3.0.0
This Sendmail security fix installs sendmail-8.11.6-3ensim5, which fixes the following Sendmail vulnerability.
Sendmail vulnerability allows remote attackers to gain root privileges by sending subversive messages.
A buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code using certain formatted address fields, related to the sender and recipient header comments as processed by the crackaddr function of headers.c.
Advisory details for the security patch are available at the following URL:
Important: When you upgrade WEBppliance, ensure that you select for upgrade all the services and add-ons installed on your existing WEBppliance.
Downloading Sendmail-8.11.6-6 [RH 7.1] patch
1. Connect to AppXchange.
§ In the Links area, click AppXchange.
§ Click Administration on the left navigation bar. Click the Maintenance tab, and under the Registered Patches list, click Connect to AppXchange.
2. Log in with the user name and password assigned by Ensim.
3. In the Services area, click View.
4. In the Select column, select the Sendmail-8.11.6-6 [RH 7.1] check box, then click Add selected items to cart.
5. Click Download to download the selected patch.
6. Review the license agreement, then click Agree.
The selected patch is downloaded. Action information and a progress report are displayed.
Click Done below the progress report and proceed to install Sendmail-8.11.6-6 [RH 7.1] onto your server.
Revising the Sendmail suite
Revise the following packages in your existing WEBppliance 3.0.x suite.
- sendmail (existing version) revise to sendmail-8.11.6-2ensim5
- sendmail-cf (existing version) revise to sendmail-cf-8.11.6-2ensim5
- sendmail-doc (existing version) revise to sendmail-doc-8.11.6-2ensim5
Please refer to the topic "Revising Suites and Services available on ServerXchange" in the Server & Application Manager online Help.
Tip: Use the Search option in the online Help to browse to this topic quickly.
Note: You will need to repeat the steps for each Sendmail package installed on your server.
After revising the Sendmail suite, re-install WEBppliance.
Important: Before proceeding to re-install WEBppliance, you must install BFS 7.1ded-25 (or higher) on dedicated servers or BFS 7.1vps-29 (or higher) on private servers.
Re-install WEBppliance onto your server
1. In the Server and Application Manager interface, click Servers on the left navigation bar.
2. Locate the server on which you want to apply the Sendmail-8.11.6-6 [RH 7.1] patch.
3. Click on the host name of the server.
4. Click the Applications tab.
5. Select the Install option from the list of menu options displayed under the Applications tab.
6. Locate the current version of WEBppliance and select the corresponding check box in the Select
Note: The Version column will show a revision tag (as a result of the revise suite action performed) and show Installed in the Installed column. Proceed to re-install WEBppliance in order to update your WEBppliance with the Sendmail-8.11.6-6 [RH 7.1] patch.
7. Click Next.
8. Select the Services installed on your existing WEBppliance for upgrade.
9. Click Next.
10. Click Finish.
After successful re-installation, the WEBppliance automatically restarts.
Restarting the Sendmail service after re-installation
1. Log in to the Appliance Administrator control panel with your user name and password.
2. Click Services on the left navigation bar.
3. In the Service column, locate Sendmail SMTP Server, and click the Restart icon.
When the server restarts successfully, a "successful" status message appears above the Services area.
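
To confirm from a shell that the packages listed under "Revising the Sendmail suite" ended up at the revised versions, a check along these lines can be run after the restart. This is an added example, not part of the Ensim procedure; it assumes root shell access and the rpm tool on the Red Hat 7.1 base, and the function name and sample data are constructed for illustration.

```shell
#!/bin/sh
# Expected name-version-release strings, copied from the revise list above.
# Edit this list if your AppXchange download carries a different release tag.
EXPECTED="sendmail-8.11.6-2ensim5
sendmail-cf-8.11.6-2ensim5
sendmail-doc-8.11.6-2ensim5"

# check_sendmail_pkgs INSTALLED   (hypothetical helper, not an Ensim tool)
# INSTALLED is the newline-separated output of, on the server:
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' sendmail sendmail-cf sendmail-doc
# Prints one status line per expected package. Returns 0 only when every
# Sendmail package that is installed matches its expected string.
check_sendmail_pkgs() {
    installed=$1
    rc=0
    for want in $EXPECTED; do
        name=${want%-*-*}    # drop "-version-release", keep the package name
        # "name-<digit>" keeps sendmail from also matching sendmail-cf/-doc
        have=$(printf '%s\n' "$installed" | grep -E "^${name}-[0-9]" | head -n 1) || true
        if [ -z "$have" ]; then
            # The note above says to revise only the packages that are installed
            echo "SKIP  $name: not installed"
        elif [ "$have" = "$want" ]; then
            echo "OK    $have"
        else
            echo "STALE $have (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: sendmail revised, sendmail-cf left at a made-up older
# release, sendmail-doc absent (rpm's wording for a missing package).
SAMPLE_INSTALLED="sendmail-8.11.6-2ensim5
sendmail-cf-8.11.6-1
package sendmail-doc is not installed"

check_sendmail_pkgs "$SAMPLE_INSTALLED" || echo "At least one Sendmail package still needs revising."
```

A STALE line means the revise step was skipped for that package, so repeat it and re-install WEBppliance before relying on the fix.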