HPSBGN01172 SSRT3612 rev.2 - Tru64 UNIX Using Internet Express sendmail, Local or Remote Denial of Service (DoS) or Elevated Privileges

  • KM02992244
  • 17-Oct-2017
  • 17-Oct-2017

Summary

A potential security vulnerability may exist in the Internet Express (IX) sendmail code which could result in a local or remote exploit of a denial of service (DoS) or unauthorized privileged access.

Reference

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02992244 (c01040453)

Version: 2

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2003-09-09

Last Updated: 2007-05-03


Potential Security Impact: Local or remote Denial of Service (DoS) or elevated privileges

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability may exist in the Internet Express (IX) sendmail code which could result in a local or remote exploit of a denial of service (DoS) or unauthorized privileged access.

References: CERT VU#993452, CAN-2003-0688

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

The affected product versions are Internet Express sendmail Version 8.12.0 through Version 8.12.8. These versions of sendmail were shipped with Internet Express Versions 5.8, 5.9, 6.0, and 6.1.

Note: The sendmail versions shipped with the HP Tru64 UNIX V5.1A and V5.1B are NOT affected by this potential vulnerability.

BACKGROUND

For a PGP signed version of this security bulletin please write to: security-alert@hp.com

 

RESOLUTION

The correction for this potential sendmail vulnerability is scheduled to be available in the following mainstream release of Internet Express: 

Internet Express Version 6.2 

To determine if this patch kit is needed: 

To determine the version of sendmail running on your system run the following command: 

    > /usr/sbin/sendmail -d0.1
    Version 8.12.0 Xxxxx xxxx (other information)

If the sendmail version displayed is 8.12.0 through 8.12.8, you will need to patch sendmail with the Early Release Patch (ERP) kit detailed below.
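The following shell functions are an added example, not part of HP's bulletin or patch kit: they apply the range check above to the text printed by the sendmail command. The function names, the status labels and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP bulletin): check a sendmail version banner
# against the affected range the bulletin lists, 8.12.0 through 8.12.8.

# Print the first "N.N.N" that follows the word "Version", or nothing.
sendmail_version() {
    printf '%s\n' "$1" |
        sed -n 's/^.*Version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' |
        sed -n '1p'
}

# Print "affected", "outside-range" or "unknown" for a banner.
ix_sendmail_status() {
    ver=$(sendmail_version "$1")
    if [ -z "$ver" ]; then
        echo unknown            # no parseable version: check by hand
        return 0
    fi
    # Split on dots and compare numerically; a string comparison would
    # sort 8.12.10 before 8.12.8 and misreport it as affected.
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    if [ "$1" -eq 8 ] && [ "$2" -eq 12 ] && [ "$3" -le 8 ]; then
        echo affected           # bulletin: install the ERP kit
    else
        echo outside-range      # not in the range this bulletin lists
    fi
}

# Constructed sample banners (the first is the bulletin's own sample line).
for banner in \
    'Version 8.12.0 Xxxxx xxxx (other information)' \
    'Version 8.12.8' \
    'Version 8.12.10' \
    'Version 8.11.6' \
    'sendmail: not found'
do
    printf '%-50s %s\n' "$banner" "$(ix_sendmail_status "$banner")"
done
```

Pass the captured output of the bulletin's command as the single argument to `ix_sendmail_status`; an `unknown` result means the banner did not contain a recognizable version and should be read manually.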

Until the next release of Internet Express V6.2 containing the sendmail correction is available, HP is releasing the following Early Release Patch (ERP) kit. 

ERP Kit Name: T64V51AB-IX6-SENDMAIL-58-61-SSRT3612 
Kit Location: 
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64V51AB-IX6-SENDMAIL-58-61-SSRT3612 
The README document provides patch kit installation and removal instructions and a summary of the patch. 
 

HISTORY 
Revision: 0 (rev.0) - 29 September 2003 Initial release 
Version: 1 (rev.1) - 27 May 2005 Reformatted 
Version: 2 (rev.2) - 03 May 2007 Reformatted

©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.