Buffer Overflow in Sendmail
Sendmail contains a vulnerability in its address parsing code. An error in the
prescan() function could allow an attacker to write past the end of a buffer,
corrupting memory structures. Depending on platform and operating system architecture,
the attacker may be able to execute arbitrary code with a specially crafted
Depending on platform and operating system architecture, a remote attacker could
execute arbitrary code with the privileges of the sendmail daemon. Unless the
RunAsUser option is set, Sendmail typically runs as root.
Further information is available in CERT's VU#784980. Common Vulnerabilities
and Exposures (CVE) refers to this issue as CAN-2003-0694.
Upgrade or apply a patch
This vulnerability is resolved in Sendmail 8.12.10. Sendmail has also released
a patch that can be applied to Sendmail 8.9.x through 8.12.9. Information about
specific vendors is available in Appendix A. and in the Systems Affected section
Sendmail 8.12.10 is designed to correct malformed messages that are transferred
by the server. This should help protect other vulnerable sendmail servers.
Enable the RunAsUser option
While there is no known complete workaround, consider setting the RunAsUser
option to reduce the impact of this vulnerability. It is typically considered
to be a good security practice to limit the privileges of applications and services
The Sendmail Consortium recommends that sites upgrade to 8.12.10 whenever possible.
Alternatively, patches are available for 8.9, 8.10, 8.11, and 8.12 on http://www.sendmail.org/.
All commercial releases including Sendmail Switch, Sendmail Advanced Message
Server (which includes the Sendmail Switch MTA), and Sendmail for NT are affected
by this issue. Patch information is available at http://www.sendmail.com/security/.
Microsoft Exchange Server fails to properly handle specially crafted SMTP extended
As reported by CERT (www.cert.org), Microsoft Exchange fails to handle certain
SMTP extended verbs correctly. In Exchange 5.5, this can lead to a denial-of-service
condition. In Exchange 2000, this could permit an attacker to run arbitrary
For more information, see Microsoft Security Bulletin MS03-046.
An attacker could cause a denial of service condition against Exchange 5.5 or
execute arbitrary code against Exchange 2000.
Apply a patch as described in Microsoft Security Bulletin MS03-046.
Multiple Vulnerabilities in SSL/TLS Implementations
There are multiple vulnerabilities in different implementations of the Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
These vulnerabilities occur primarily in Abstract Syntax Notation One (ASN.1)
parsing code. The most serious vulnerabilities may allow a remote attacker to
execute arbitrary code. The common impact is denial of service.
The main vulnerabilities according to CERT are:
VU#935264 - OpenSSL ASN.1 parser insecure memory deallocation
VU#255484 - OpenSSL contains integer overflow handling ASN.1 tags (1)
VU#380864 - OpenSSL contains integer overflow handling ASN.1 tags (2)
VU#686224 - OpenSSL does not securely handle invalid public key when configured
to ignore errors
VU#732952 - OpenSSL accepts unsolicited client certificate messages
VU#104280 - Multiple vulnerabilities in SSL/TLS implementations
The impacts of these vulnerabilities vary. In almost all, a remote attacker
could cause a denial of service. For at least one vulnerability in OpenSSL (VU#935264),
a remote attacker may be able to execute arbitrary code.
OpenSSL versions prior to 0.9.7c and 0.9.6k
Multiple SSL/TLS implementations
Upgrade or apply a patch
To resolve the OpenSSL vulnerabilities, upgrade to OpenSSL
0.9.7c or OpenSSL 0.9.6k. Alternatively, upgrade or apply a patch as directed
vendor. Recompile any applications that are statically linked to OpenSSL libraries.
Buffer Overflow in Windows Workstation Service
Microsoft's Security Bulletin MS03-049 discusses a buffer overflow in Microsoft's
Workstation Service that can be exploited via a specially crafted network message.
A remote attacker could exploit this vulnerability to execute arbitrary code
with system-level privileges or to cause a denial of service. The exploit vector
and impact for this vulnerability are conducive to automated attacks such as
Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4/ Microsoft
Windows XP/ Microsoft Windows XP Service Pack 1/ Microsoft Windows XP 64-Bit
Apply the appropriate patch as specified in Microsoft Security Bulletin MS03-049.
Block access from outside your network perimeter, specifically by blocking access
to TCP & UDP ports 138, 139, and 445. This will limit your exposure to attacks.
Disable the Workstation Service as described in MS03-049.
|Backdoor.Dister is a Trojan horse that periodically
contacts a server for instructions and configuration data, and then sends
batches of email as the server instructs. This functionality could be used
to anonymously distribute malware or spam from an infected computer.
DOS, Linux, Macintosh, OS/2,
UNIX and Windows 3.x systems are not affected by Backdoor.Dister.
Disable System Restore in
Windows Me/XP. After this, update the virus definitions of the affected
system's antivirus. The computer has to be restarted in safe mode or VGA
mode after this has been performed. Run a full system scan and delete
all the files detected as Backdoor.Dister. Ensure that all the changes
made to the registry have been reversed after the full system scan.
5. IRC Trojan