=========================================================================== SCO Security Bulletin 2000.06 Buffer Overflow Vulnerabilities in OpenServer MMDF subsystem --------------------------------------------------------------------------- MMDF Vulnerabilities Found In SCO OpenServer --------------------------------------------------------------------------- I. Description Recently Network Associates, Inc. issued a SECURITY ADVISORY against all versions of MMDF prior to the beta release 2.44a-B4 entitled "Remote Vulnerability in the MMDF SMTP Daemon" and indicated that the default SCO OpenServer version of MMDF(2.43.3b) is also vulnerable. SCO confirms this and provides this SSE which replaces the files below that are possibly susceptible: /usr/bin/checkmail /usr/bin/emactovi /usr/bin/mlist /usr/bin/newmail /usr/bin/rcvalert /usr/bin/rcvfile /usr/bin/rcvprint /usr/bin/rcvtrip /usr/bin/resend /usr/bin/rmail /usr/bin/tommdf /usr/lib/mail/execmail /usr/lib/sendmail /usr/mmdf/bin/amp /usr/mmdf/bin/checkaddr /usr/mmdf/bin/checkque /usr/mmdf/bin/checkup /usr/mmdf/bin/cleanque /usr/mmdf/bin/cnvtmbox /usr/mmdf/bin/deliver /usr/mmdf/bin/mailid /usr/mmdf/bin/malias /usr/mmdf/bin/newssend /usr/mmdf/bin/setup /usr/mmdf/bin/submit /usr/mmdf/bin/uuprocess /usr/mmdf/chans/delay /usr/mmdf/chans/list /usr/mmdf/chans/local /usr/mmdf/chans/micnet /usr/mmdf/chans/smtp /usr/mmdf/chans/smtpd /usr/mmdf/chans/smtpsrvr /usr/mmdf/chans/uucp /usr/mmdf/table/dbmbuild /usr/mmdf/table/dbmedit /usr/mmdf/table/dbmlist /usr/mmdf/table/tools/nictable /usr/mmdf/table/tools/tablelist II. Impact Possible exploits using buffer overflow of the above tools and daemons III. Releases OpenServer 5.0.0, 5.0.2, 5.0.4, and 5.0.5, IV. Solution SCO is providing an interim patch to address this issue in the form of a System Security Enhancement (SSE) package. SSE062 contains replacement binaries for OpenServer5.0.5, and is available for Internet download via anonymous ftp and http. You can download the SSE package as follows: Anonymous ftp (World Wide Web URL): ftp://ftp.sco.COM/SSE/sse062.ltr (cover letter, ASCII text) ftp://ftp.sco.COM/SSE/sse062.tar.Z (new binaries, compressed tar file) Checksums (sum -r): 18042 6 sse062.ltr 56481 3595 sse062.tar.Z V. Updates This bulletin is available for anonymous ftp download from ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.06, and will be updated as new information becomes available. The latest information on security vulnerabilities and fixes from SCO is available on the world-wide web at http://www.sco.com/security/ VI. Further Information: If you have further questions, contact your support provider. If you need to contact SCO, please send electronic mail to support@sco.COM, or contact SCO as follows. USA/Canada: 6am-5pm Pacific Time (PST/PDT) ----------- 1-800-347-4381 (voice) 1-408-427-5443 (fax) Pacific Rim, Asia, and Latin American customers: 6am-5pm Pacific ------------------------------------------------ Time (PST/PDT) 1-408-425-4726 (voice) 1-408-427-5443 (fax) Europe, Middle East, Africa: 9am-5:30pm UK Time (GMT/BST) ---------------------------- +44 (0)1923 816344 (voice) +44 (0)1923 817781 (fax)