HPE Community
Operating System - HP-UX
1837896 Members
3567 Online
110122 Solutions
New Discussion

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

 
Berlene Herren
Honored Contributor

‎11-10-2003 11:30 PM

‎11-10-2003 11:30 PM

SSRT3631 Potential Security Vulnerability in sendmail Rev 3

A security bulletin has been issued:

-----------------------------------------------------------------
**REVISED 03**
Source: HEWLETT-PACKARD COMPANY
SECURITY BULLETIN: HPSBUX0309-281
Originally issued: 21 September 2003
Last revised: 10 November 2003
SSRT3631 Potential Security Vulnerability in sendmail
--------------------------------------------------

To access the bulletin from the itrc:

Select "maintenance and support"
Select "search technical knowledge base"
Select "HP-UX Software Security Bulletins"
Select "Search by Security Bulletin Number"
Enter â HPSBUX0309-281"
Search


===============================================================

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
9 REPLIES 9
Mark Greene_1
Honored Contributor

‎11-11-2003 06:28 AM

‎11-11-2003 06:28 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

If the above is referring to this security bulletin update I got today:

PROBLEM: Potential security vulnerability in sendmail

IMPACT: Potential unauthorized Privileged Access.

PLATFORM: HP-UX releases B.11.00, B.11.04 (VVOS), B.11.11, B.11.22

SOLUTION: Download and install HPSecurityBul281.depot.


Can you tell us if this requires are reboot? It does not say in the e-mail update.

Thanks,
mark
the future will be a lot like now, only later
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎11-11-2003 06:30 AM

‎11-11-2003 06:30 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

No Mark, there is no reboot.

Enjoy,
Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎11-11-2003 06:33 AM

‎11-11-2003 06:33 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

If the files recommended in the Revision 2 of this bulletin have been installed there is no need to install HPSecurityBul281.depot. This depot is a repackaging of the previous files.


Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎11-11-2003 06:33 AM

‎11-11-2003 06:33 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

I would imagine that it would at least require sendmail to be bounced - correct Berlene?

Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-11-2003 06:36 AM

‎11-11-2003 06:36 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

Berlene,

How you doing?

I'm on the ftp site now.

The Bulliten says there should be a file called:HPSecurityBul281.depot.gz available.

Not there.

perhaps a permissions issue?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Mark Greene_1
Honored Contributor

‎11-11-2003 06:37 AM

‎11-11-2003 06:37 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

Thanks for the confirmation. I suspect I still have to download this patch. I have these:

HPSecurityBul246.depot HPSecurityBul253.depot

but they are rev's 3 and 4, I think.

mark
the future will be a lot like now, only later
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎11-11-2003 06:46 AM

‎11-11-2003 06:46 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

Hi SEP, doing good! The .gz was just pulled for a packaging issue, it will be reposted shortly.

Yes Mark, you will need to Install the patches recommended in HPSBUX0304-253 first.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎11-11-2003 07:15 AM

‎11-11-2003 07:15 AM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

The depot (HPSecurityBul281a.depot) is now back on the external site, cksum 2465545458 6041600.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎11-11-2003 10:36 PM

‎11-11-2003 10:36 PM

Re: SSRT3631 Potential Security Vulnerability in sendmail Rev 3

Jeff, I make it a practice to stop sendmail before installing a new or fixed version, then restarting it (if it didn't already start) after the patch/fix applied. But that's just my practice :-)

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.