-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2006-9 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 28 Jun 2006 Last revised: 28 Jun 2006 Package: sendmail Summary: sendmail denial of service attack More information: Sendmail is a Mail Transport Agent, which is the program that moves mail from one machine to another. A vulnerability in the manner in which MIME message handles sendmail. Impact: The sendmail allows remote attackers to cause a denial of service. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server Source Packages Size: MD5 sendmail-8.13.1-8.src.rpm 2004673 d47c9b697f63263e6efcbb506ddb83ea Binary Packages Size: MD5 sendmail-8.13.1-8.i586.rpm 453653 885bb67f267c4dd169b20f359843d87f sendmail-cf-8.13.1-8.i586.rpm 157365 3d1080fa8175ed8760895056091be02e Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/sendmail-8.13.1-8.src.rpm 2004673 b8c30f18ac4c33bcf08c80b3441f4d26 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-8.13.1-8.x86_64.rpm 532602 bc38b7d193a7a6c6ed39dece8eab2d8b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-cf-8.13.1-8.x86_64.rpm 157196 34e3817fae1c347cd89d1feba501f733 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-devel-8.13.1-8.x86_64.rpm 134361 1ba1a02d97ed57f09f5068348dfa8cfa ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-doc-8.13.1-8.x86_64.rpm 450319 6ab5ff2b349265ba657a9f4ee4098694 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-vacation-8.13.1-8.x86_64.rpm 58232 c563b70c5dac6f5723dec6f4f99da36c Source Packages Size: MD5 sendmail-8.12.10-7.src.rpm 1932974 c160244d3dc3384b212e1a0df49643bd Binary Packages Size: MD5 sendmail-8.12.10-7.i586.rpm 435850 b20f78ba7b61b3e7b4fce8a097608a70 sendmail-cf-8.12.10-7.i586.rpm 146313 ba2d49164d1207880b0ad29613ecdb84 sendmail-doc-8.12.10-7.i586.rpm 429113 a36f1b84c5541a7f460520a9f71f90a0 Source Packages Size: MD5 sendmail-8.12.10-7.src.rpm 1932974 edd6ea4808bc5b41866cb17976fdee46 Binary Packages Size: MD5 sendmail-8.12.10-7.i586.rpm 436122 7916289f2d8b65677fdcc6982709c22c sendmail-cf-8.12.10-7.i586.rpm 146540 875d9ace81697f15d35f9e6af2fcb893 sendmail-doc-8.12.10-7.i586.rpm 429370 e7b79712172cfb2e63c06c3abb62f69e Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/sendmail-8.13.1-8.src.rpm 2004673 d47c9b697f63263e6efcbb506ddb83ea Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-8.13.1-8.i586.rpm 453653 885bb67f267c4dd169b20f359843d87f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-cf-8.13.1-8.i586.rpm 157365 3d1080fa8175ed8760895056091be02e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-devel-8.13.1-8.i586.rpm 125295 9ca93d3585a8351dc5416637d06059ef ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-doc-8.13.1-8.i586.rpm 450637 9d49f367f3e3cabdacf05c67b25e1d87 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-vacation-8.13.1-8.i586.rpm 50175 97147a0317c69be3c89d9f191e9675c5 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/sendmail-8.12.10-8.src.rpm 1933017 88b0182320d910aa8727213f7388d0c9 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-8.12.10-8.i586.rpm 436049 13eacebcbabe9eea7a6b542c7031bdf0 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-cf-8.12.10-8.i586.rpm 146578 79c76bf05849b10e977ea38eae997c40 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-doc-8.12.10-8.i586.rpm 429242 bde2633410e2d82cb11c381780af7257 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/sendmail-8.13.6-4.src.rpm 2026696 51dff990bbd5f3d47cae394379675e20 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-8.13.6-4.i586.rpm 410560 124687a9739be3737492f89443778f3e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-cf-8.13.6-4.i586.rpm 151336 ac438132fb154fc65f9d4c3d40febe3b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-doc-8.13.6-4.i586.rpm 418910 c94f9ee59e8a885cc19fb8d8661e13d9 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/sendmail-8.13.6-4.src.rpm 2026696 a5a4e745c68399042f8273edd9d354dd Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-8.13.6-4.i586.rpm 406655 8eba7e25984856a8bd5a980b69a463cd ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-cf-8.13.6-4.i586.rpm 151408 f9f66e86d337a36bf9900764994c3a97 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-doc-8.13.6-4.i586.rpm 418952 b23bc9e300fb5c26971a7d00a238ac9e References: sendmail.org [Sendmail-SA-200605-01] http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc CVE [CAN-2006-1173] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1173 JPCERT/CC [JPCERT/CC Alert 2006-06-15] http://www.jpcert.or.jp/at/2006/at060008.txt -------------------------------------------------------------------------- Revision History 28 Jun 2006 Initial release -------------------------------------------------------------------------- Copyright(C) 2006 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFEonneK0LzjOqIJMwRAgsYAJ9VcGFZ82mvOaI/gPNMWH7fPqCcBACgpvR4 yB/dE8rerHJMfd+DvN6QpXk= =XXYg -----END PGP SIGNATURE-----