Bug 40870 (CVE-2002-1337)

Summary: VUL-0: CVE-2002-1337: fix for CERT Advisory CA-2003-07 (sendmail)
Product: [Novell Products] SUSE Security Incidents Reporter: Janet Smith <janet_smith>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: VERIFIED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium    
Version: unspecified   
Target Milestone: ---   
Hardware: S/390   
OS: Linux   
Whiteboard: CVE-2002-1337: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 41980    
Bug Blocks: 41978    

Description Janet Smith 2003-03-27 04:01:33 UTC 
Do you have a fix for sendmail on s390x & s390:
    CERT® Advisory CA-2003-07 Remote Buffer Overflow in 

SuSE 7.0 for platform s390 - sendmail-8.11.0-31
SLES7 for platform s390  - sendmail-8.11.3-35
SLES7 for platform s390x - sendmail-8.11.3-44
Comment 1 Roman Drahtmueller 2003-04-01 18:11:15 UTC 
Yes, the fixes for SLES7 are available since March 3rd.
Please note that these fixes will be obsoleted by a new update for
sendmail today.

Roman.
Comment 2 Janet Smith 2003-04-08 05:31:27 UTC 
<!-- SBZ_reopen -->Reopened by janet_smith@bmc.com at Mon Apr  7 23:31:27 2003
Comment 3 Janet Smith 2003-04-08 05:31:27 UTC 
I find fixed for various architecture, but I DON'T see the fixes for the s390 & 
s390x.  Can you please direct me to the fixes for: 

  SuSE 7.0 for platform s390 - sendmail-8.11.0-31
  SLES7 for platform s390  - sendmail-8.11.3-35
  SLES7 for platform s390x - sendmail-8.11.3-44

thanks in advance
Comment 4 Roman Drahtmueller 2003-09-24 02:08:33 UTC 
Hello Janet,

the patch in question can be found on /s390/update/SuSE-SLES/7/patches/patch-7758
and the package is /s390/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm
For s390x, this is /s390x/update/SuSE-SLES/7/patches/patch-7758, the update
package is /s390x/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm

Thank you,
Roman.
I'm closing the bug again. Please reopen it if you feel this is necessary.
Comment 5 Janet Smith 2003-12-02 05:20:18 UTC 
<!-- SBZ_reopen -->Reopened by janet_smith@bmc.com at Mon Dec  1 22:20:18 2003
Comment 6 Janet Smith 2003-12-02 05:20:18 UTC 
Sorry... but I can't find these rpms at the locations you mention.  

I have anonymously ftp to:  ftp.suse.com 

I have also tried various mirror site.

There is NOT anything under:
ftp.suse.com/pub/suse/s390/update

And there IS NOT a directory:
ftp.suse.com/pub/suse/s390x

Please, tell me which ftp site holds these files.

Thanks,
Janet
Comment 7 Thomas Biege 2003-12-16 16:58:45 UTC 
Pleas try this: 
support.suse.de/s390/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm 
support.suse.de/s390x/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm 
 
I am not sure if you can reach this site via FTP. 
But they can be fetched via http://portal.suse.de . 
 
- SuSE Linux Enterprise Server 7 for S/390 and zSeries (s390): 
  http://sdb.suse.de/download/s390/update/SuSE-SLES/7/rpm/
sendmail-20030919.rpm 
- SuSE Linux Enterprise Server 7 for IBM zSeries (s390x): 
  http://sdb.suse.de/download/s390x/update/SuSE-SLES/7/rpm/
sendmail-20030919.rpm 
 
Have a Happy Christmas!
Comment 9 Thomas Biege 2009-10-13 19:33:14 UTC 
CVE-2002-1337: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)