40870 – (CVE-2002-1337) VUL-0: CVE-2002-1337: fix for CERT Advisory CA-2003-07 (sendmail)

Bug 40870 (CVE-2002-1337) - VUL-0: CVE-2002-1337: fix for CERT Advisory CA-2003-07 (sendmail)

Summary: VUL-0: CVE-2002-1337: fix for CERT Advisory CA-2003-07 (sendmail)

Status:	VERIFIED FIXED

Alias:	CVE-2002-1337

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	S/390 Linux

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2002-1337: CVSS v2 Base Score: 10...
Keywords:

Depends on:	41980
Blocks:	41978
	Show dependency tree / graph

Clone This Bug

Reported:	2003-03-27 04:01 UTC by Janet Smith
Modified:	2021-09-27 09:49 UTC (History)
CC List:	0 users

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Janet Smith 2003-03-27 04:01:33 UTC

Do you have a fix for sendmail on s390x & s390:
    CERT® Advisory CA-2003-07 Remote Buffer Overflow in 

SuSE 7.0 for platform s390 - sendmail-8.11.0-31
SLES7 for platform s390  - sendmail-8.11.3-35
SLES7 for platform s390x - sendmail-8.11.3-44

Comment 1 Roman Drahtmueller 2003-04-01 18:11:15 UTC

Yes, the fixes for SLES7 are available since March 3rd.
Please note that these fixes will be obsoleted by a new update for
sendmail today.

Roman.

Comment 2 Janet Smith 2003-04-08 05:31:27 UTC

<!-- SBZ_reopen -->Reopened by janet_smith@bmc.com at Mon Apr  7 23:31:27 2003

Comment 3 Janet Smith 2003-04-08 05:31:27 UTC

I find fixed for various architecture, but I DON'T see the fixes for the s390 & 
s390x.  Can you please direct me to the fixes for: 

  SuSE 7.0 for platform s390 - sendmail-8.11.0-31
  SLES7 for platform s390  - sendmail-8.11.3-35
  SLES7 for platform s390x - sendmail-8.11.3-44

thanks in advance

Comment 4 Roman Drahtmueller 2003-09-24 02:08:33 UTC

Hello Janet,

the patch in question can be found on /s390/update/SuSE-SLES/7/patches/patch-7758
and the package is /s390/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm
For s390x, this is /s390x/update/SuSE-SLES/7/patches/patch-7758, the update
package is /s390x/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm

Thank you,
Roman.
I'm closing the bug again. Please reopen it if you feel this is necessary.

Comment 5 Janet Smith 2003-12-02 05:20:18 UTC

<!-- SBZ_reopen -->Reopened by janet_smith@bmc.com at Mon Dec  1 22:20:18 2003

Comment 6 Janet Smith 2003-12-02 05:20:18 UTC

Sorry... but I can't find these rpms at the locations you mention.  

I have anonymously ftp to:  ftp.suse.com 

I have also tried various mirror site.

There is NOT anything under:
ftp.suse.com/pub/suse/s390/update

And there IS NOT a directory:
ftp.suse.com/pub/suse/s390x

Please, tell me which ftp site holds these files.

Thanks,
Janet

Comment 7 Thomas Biege 2003-12-16 16:58:45 UTC

Pleas try this: 
support.suse.de/s390/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm 
support.suse.de/s390x/update/SuSE-SLES/7/rpm/sendmail-20030919.rpm 
 
I am not sure if you can reach this site via FTP. 
But they can be fetched via http://portal.suse.de . 
 
- SuSE Linux Enterprise Server 7 for S/390 and zSeries (s390): 
  http://sdb.suse.de/download/s390/update/SuSE-SLES/7/rpm/
sendmail-20030919.rpm 
- SuSE Linux Enterprise Server 7 for IBM zSeries (s390x): 
  http://sdb.suse.de/download/s390x/update/SuSE-SLES/7/rpm/
sendmail-20030919.rpm 
 
Have a Happy Christmas!

Comment 9 Thomas Biege 2009-10-13 19:33:14 UTC

CVE-2002-1337: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)