IBM Information for VU#897604

Sendmail address parsing buffer overflow

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the sendmail buffer overflow attack mentioned in CERT Advisory CA-2003-12 and CERT Vulnerability Note VU#897604.

An efix is available from:

ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_2_efix.tar.Z

The APAR numbers and availability dates for this issue are as follows:

    APAR number for AIX 4.3.3: IY42629 (available approx. 05/07/2003)
    APAR number for AIX 5.1.0: IY42630 (available approx. 04/28/2003)
    APAR number for AIX 5.2.0: IY42631 (available approx. 04/28/2003)

The APARs can be downloaded using the URL below and then following the links for your AIX release level.

http://techsupport.services.ibm.com/server/fixes?view=pSeries

For more information please contact your AIX Support Center.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

IBM z/OS - OS/390 - MVS systems are also affected (PQ72696):