CPNI - Centre for the Protection of National Infrastructure


June 2006

CIAC BULLETIN REVISED Q-151 sendmail Security Update

ID: 00401
Ref: 390/2006
Date: 08 June 2006:13:55:10
Version: 1

Title: CIAC BULLETIN REVISED Q-151 sendmail Security Update
Abstract: A flaw in the handling of asynchronous signals was discovered in Sendmail.
Vendors affected: Ciac
Operating systems affected: Ciac
Applications affected: Ciac

Title
=====

CIAC BULLETIN REVISED Q-151 sendmail Security Update

Detail
======

A flaw in the handling of asynchronous signals was discovered in Sendmail.


- -----BEGIN PGP SIGNED MESSAGE-----

CIAC has revised Q-151 to add a link to HPSBTU02116 SSRT061135 rev.1 -
HP Tru64 UNIX and HP.
__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

sendmail Security Update
[RHSA-2006:0264-8]

March 22, 2006 18:00 GMT Number Q-151
[REVISED 31 Mar 2006]
[REVISED 07 Apr 2006]
[REVISED 10 Apr 2006]
[REVISED 13 Apr 2006]
[REVISED 20 Apr 2006]
[REVISED 26 Apr 2006]
[REVISED 03 May 2006]
[REVISED 16 May 2006]
[REVISED 06 Jun 2006]
______________________________________________________________________________
PROBLEM:       A flaw in the handling of asynchronous signals was discovered
               in Sendmail.
PLATFORM:      Red Hat Desktop (v. 3, 4)
               Red Hat Enterprise Linux AS (v. 2.1, 3, 4)
               Red Hat Enterprise Linux ES (v. 2.1, 3, 4)
               Red Hat Enterprise Linux WS (v. 2.1, 3, 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               HP-UX B.11.11, B.11.23, B.11.00.
               SGI ProPack 3 Service Pack 6
               Sun Cobalt RaQ XTR Server
               Sun Cobalt RaQ 4 Server
               Sun Cobalt RaQ 550 Server
DAMAGE:        A remote attacker may be able to exploit a race condition to
               execute arbitrary code as root.
SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. A remote attacker could execute arbitrary
ASSESSMENT:    code as root.
______________________________________________________________________________
LINKS:
  CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-151.shtml
  ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0264.html
  ADDITIONAL LINKS:   Red Hat RHSA-2006:0265-9
                      https://rhn.redhat.com/errata/RHSA-2006-0265.html
                      US-CERT Vulnerability Note VU#834865
                      http://www.kb.cert.org/vuls/id/834865
                      US-CERT Technical Cyber Security Alert TA06-081A
                      http://www.us-cert.gov/cas/techalerts/TA06-081A.html
                      Sendmail MTA Security Vulnerability
                      http://www.sendmail.com/company/advisory/
                      Sun Alert ID: 102262
                      http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1&searchclause=security
                      Visit Hewlett-Packard Subscription Service for:
                      HPSBUX02108 SSRT061133 rev.10
                      SGI Security Advisory 20060401-01-U, Update #56,
                      Ref: Red Hat RHSA-2006-0015.html
                      ftp://patches.sgi.com/support/free/security/advisories/20060401-01.U.asc
                      Sun Alert ID: 102324
                      http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1&searchclause="category:security"$20%22availability,$20security"$20category:security
                      Visit Hewlett-Packard Subscription Service for:
                      HPSBTU02116 SSRT061135 rev.1 - HP Tru64 UNIX and HP
  CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                      CVE-2006-0058, CVE-2006-1173
______________________________________________________________________________
