HPE Community
Operating System - HP-UX
1847177 Members
5568 Online
110263 Solutions
New Discussion

Re: Patch for sendmail for potential buffer overflow

 
Jeny Joseph
New Member

‎11-13-2003 04:14 AM

‎11-13-2003 04:14 AM

Patch for sendmail for potential buffer overflow

Hi,

HP-UX 10.20
Sendmail version 8.8.6
For the potential buffer overflow security vulnerability in sendmail(CERT advisory CA-2003-25 and HP reference SSRT3631) is there a patch available for HP-UX 10.20 running sendmail version 8.8.6.

Thanks.
Jeny
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

‎11-13-2003 04:19 AM

‎11-13-2003 04:19 AM

Re: Patch for sendmail for potential buffer overflow

Two problems:

The sendmail patches I've seen support sendmail 8.9 and up.

Of course HP-UX 10.20 is no longer supported though I thought important security patches would still happen.

You might want to go to http://www.sendmail.org download and compile a new sendmail on your system. You can go 8.12 and have better security than me.!!!

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jeny Joseph
New Member

‎11-13-2003 05:24 AM

‎11-13-2003 05:24 AM

Re: Patch for sendmail for potential buffer overflow

The first problem can be solved by applying an available patch to upgrade to sendmail 8.9.3.

So now I need to know if a patch is available for HP-UX 10.20 running sendmail 8.9.3. I saw documentation that a patch is available for HP-UX 11.0 and higher. No mention of 10.20. Does that mean no patch will be available for 10.20 since it is no longer supported?

Thanks.
Jeny
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎11-13-2003 09:58 PM

‎11-13-2003 09:58 PM

Re: Patch for sendmail for potential buffer overflow

Jeny, open a call with the response center for this one or email me with relative information. HP's policy is that it no longer issues patches for unsupported/obsolete operating system versions.

Berlene.herren@
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Clyde Mehornay Jr
Occasional Contributor

‎11-17-2003 05:08 AM

‎11-17-2003 05:08 AM

Re: Patch for sendmail for potential buffer overflow

This first showed up quite a while ago.

The HP Security Bulletin is HPSBUX0304-253, which is in reference to CERT Advisory CA-2003-12, CERT Vulnerability Note VU#897604.

In it, patch PHNE_28760 gets you to Sendmail 8.9.3 on HP-UX 10.20, including the fix for this problem. Read the entire bulletin, since this Sendmail change could affect normal operations involving normal users traversing mail queues.
0 Kudos
Reply
Tom Danzig
Honored Contributor

‎11-17-2003 06:27 AM

‎11-17-2003 06:27 AM

Re: Patch for sendmail for potential buffer overflow

For HP-UX 10.20:

PHNE_28760 - sendmail(1m) 8.9.3 cumulative patch.

FYI, there is another sendmail advisory for which a patch has yet to be issued.
0 Kudos
Reply
Jeny Joseph
New Member

‎11-25-2003 07:43 AM

‎11-25-2003 07:43 AM

Re: Patch for sendmail for potential buffer overflow

Thanks everybody for your responses.
I will follow Berlene Herren's suggestion.

Thanks again.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.