int(444)

Boletines de Vulnerabilidades

Desbordamiento de búfer en Sendmail

Clasificación de la vulnerabilidad
Propiedad Valor
Nivel de Confianza Oficial
Impacto Compromiso Root
Dificultad Experto
Requerimientos del atacante Acceso remoto sin cuenta a un servicio estandar

Información sobre el sistema
Propiedad Valor
Fabricante afectado UNIX
Software afectado Sendmail < Sendmail 8.12.10
Sendmail Switch
Sendmail Advanced Message Server (SAMS)
Sendmail (NT)

Descripción
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en Sendmail cuya explotación podría permitir la ejecución de código arbitrario en un sistema vulnerable.
En función de la plataforma y el sistema operativo, un potencial atacante puede llegar a ejecutar código mediante un email especialmente diseñado con ese fin.

Solución
Aplique los mecanismos de actualización propios de su sistema, o bien obtenga las fuentes del software y compílelo usted mismo.


Actualización de software

Fuentes de Sendmail
Descargue la versión 8.12.10 o superior
http://www.sendmail.org/8.12.10.html
O bien aplique este parche a las fuentes de una versión entre 8.9.x y 8.12.9
http://www.sendmail.org/patches/parse8.359.2.8

FreeBSD
Instale la actualización proporcionada por el fabricante
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch

Debian Linux

Debian Linux 3.0 "Woody"
Fuentes
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6.dsc
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6.diff.gz
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5.dsc
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5.diff.gz
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
Componente independiente de la arquitectura
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.6_all.deb
Alpha
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_alpha.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_alpha.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_alpha.deb
ARM
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_arm.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_arm.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_i386.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_i386.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_ia64.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_ia64.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_ia64.deb
HPPA
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_hppa.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_hppa.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_m68k.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_m68k.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_mips.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_mips.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_mipsel.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_mipsel.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_powerpc.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_powerpc.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_s390.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_s390.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_sparc.deb
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_sparc.deb
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_sparc.deb

Mandrake Linux

Mandrake Linux 8.2
i586
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/8.2/RPMS/sendmail-8.12.1-4.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/8.2/RPMS/sendmail-cf-8.12.1-4.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/8.2/RPMS/sendmail-devel-8.12.1-4.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/8.2/RPMS/sendmail-doc-8.12.1-4.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/8.2/SRPMS/sendmail-8.12.1-4.5mdk.src.rpm
PPC
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/8.2/RPMS/sendmail-8.12.1-4.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/8.2/RPMS/sendmail-cf-8.12.1-4.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/8.2/RPMS/sendmail-devel-8.12.1-4.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/8.2/RPMS/sendmail-doc-8.12.1-4.5mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/8.2/SRPMS/sendmail-8.12.1-4.5mdk.src.rpm

Mandrake Linux 9.0
i586
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/sendmail-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/sendmail-cf-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/sendmail-devel-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/RPMS/sendmail-doc-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.0/SRPMS/sendmail-8.12.6-3.5mdk.src.rpm

Mandrake Linux 9.1
i586
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/sendmail-8.12.9-1.2mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/sendmail-cf-8.12.9-1.2mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/sendmail-devel-8.12.9-1.2mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/RPMS/sendmail-doc-8.12.9-1.2mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/9.1/SRPMS/sendmail-8.12.9-1.2mdk.src.rpm
PPC
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/sendmail-8.12.9-1.2mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/sendmail-cf-8.12.9-1.2mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/sendmail-devel-8.12.9-1.2mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/RPMS/sendmail-doc-8.12.9-1.2mdk.ppc.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/ppc/9.1/SRPMS/sendmail-8.12.9-1.2mdk.src.rpm

Mandrake Linux Corporate Server 2.1
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/sendmail-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/sendmail-cf-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/sendmail-devel-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/RPMS/sendmail-doc-8.12.6-3.5mdk.i586.rpm
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/corporate/2.1/SRPMS/sendmail-8.12.6-3.5mdk.src.rpm

Red Hat Linux

Red Hat Linux 7.1
i386
ftp://updates.redhat.com/7.1/en/os/sendmail-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/sendmail-cf-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/sendmail-devel-8.11.6-27.71.i386.rpm
ftp://updates.redhat.com/7.1/en/os/sendmail-doc-8.11.6-27.71.i386.rpm
ia64
ftp://updates.redhat.com/7.1/en/os/sendmail-8.11.6-27.71.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/sendmail-cf-8.11.6-27.71.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/sendmail-devel-8.11.6-27.71.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/sendmail-doc-8.11.6-27.71.ia64.rpm

Red Hat Linux 7.2
i386
ftp://updates.redhat.com/7.2/en/os/sendmail-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/sendmail-cf-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/sendmail-devel-8.11.6-27.72.i386.rpm
ftp://updates.redhat.com/7.2/en/os/sendmail-doc-8.11.6-27.72.i386.rpm
ia64
ftp://updates.redhat.com/7.2/en/os/sendmail-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/sendmail-cf-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/sendmail-devel-8.11.6-27.72.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/sendmail-doc-8.11.6-27.72.ia64.rpm

Red Hat Linux 7.3
i386
ftp://updates.redhat.com/7.3/en/os/sendmail-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/sendmail-cf-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/sendmail-devel-8.11.6-27.73.i386.rpm
ftp://updates.redhat.com/7.3/en/os/sendmail-doc-8.11.6-27.73.i386.rpm
ia64
ftp://updates.redhat.com/7.3/en/os/sendmail-8.11.6-27.73.ia64.rpm
ftp://updates.redhat.com/7.3/en/os/sendmail-cf-8.11.6-27.73.ia64.rpm
ftp://updates.redhat.com/7.3/en/os/sendmail-devel-8.11.6-27.73.ia64.rpm
ftp://updates.redhat.com/7.3/en/os/sendmail-doc-8.11.6-27.73.ia64.rpm

Red Hat Linux 8.0
ftp://updates.redhat.com/8.0/en/os/sendmail-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/sendmail-cf-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/sendmail-devel-8.12.8-9.80.i386.rpm
ftp://updates.redhat.com/8.0/en/os/sendmail-doc-8.12.8-9.80.i386.rpm

Red Hat Linux 9.0
ftp://updates.redhat.com/9/en/os/sendmail-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/sendmail-cf-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/sendmail-devel-8.12.8-9.90.i386.rpm
ftp://updates.redhat.com/9/en/os/sendmail-doc-8.12.8-9.90.i386.rpm

Slackware Linux

Slackware Linux CURRENT
Aplique el siguiente parche
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.12.10-i486-1.tgz

Slackware Linux 8.1
Aplique el siguiente parche
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.10-i386-1.tgz

Slackware Linux 9.0
Aplique el siguiente parche
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.12.10-i386-1.tgz

SuSE Linux

SuSE Linux 8.2
i586
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-8.12.7-77.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-devel-8.12.7-77.i586.rpm

SuSE Linux 8.1
i586
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-8.12.6-159.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-devel-8.12.6-159.i586.rpm

SuSE Linux 8.0
i386
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/sendmail-8.12.3-78.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/sendmail-devel-8.12.3-78.i386.rpm

SuSE Linux 7.3
i386
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/sendmail-8.11.6-167.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/sendmail-tls-8.11.6-169.i386.rpm
SPARC
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/sendmail-8.11.6-67.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/sec2/sendmail-tls-8.11.6-67.sparc.rpm
PPC
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/sendmail-8.11.6-126.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/sendmail-tls-8.11.6-125.ppc.rpm

SuSE Linux 7.2
i386
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/sendmail-8.11.3-112.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/sendmail-tls-8.11.3-116.i386.rpm

OpenBSD

OpenBSD 3.2
Aplique el siguiente parche
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch

OpenBSD 3.3
Aplique el siguiente parche
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch

AIX

AIX: Parches temporales
Obtenga parches de inmediato en la siguiente dirección
ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_4_efix.tar.Z

AIX 4.3.3
Los parches estarán disponibles en esta dirección
http://techsupport.services.ibm.com/rs6k/fixdb.html

AIX 5.1.0 y 5.2.0
Los parches estarán disponibles en esta dirección
http://techsupport.services.ibm.com/server/aix.fdc

HP-UX

HP-UX B.11.00
Instale Sendmail 8.9.3 - Parche PHNE_29773
http://itrc.hp.com

HP-UX B.11.00
Instale Sendmail 8.11.1 - Parche B.11.00.01.005
http://itrc.hp.com

HP-UX B.11.04
Instale Sendmail 8.9.3 - Parche PHNE_30224
http://itrc.hp.com

HP-UX B.11.11
Instale Sendmail 8.9.3 - Parche PHNE_29774
http://itrc.hp.com

HP-UX B.11.11
Instale Sendmail 8.11.1 - Parche B.11.11.01.006
http://itrc.hp.com

HP-UX B.11.22
Instale Sendmail 8.11.1 - Parche PHNE_29912
http://itrc.hp.com

HP-UX B.11.23
Instale Sendmail 8.11.1 - Parche PHNE_29913
http://itrc.hp.com

MacOS X

MacOS X Client
MacOS X Client 10.2 - 10.2.5
http://www.info.apple.com/kbnum/n120244/MacOSXUpdateCombo10.2.8.dmg
MacOS X Client 10.2.6, 10.2.7
http://www.info.apple.com/kbnum/n120245/MacOSXUpdate10.2.8.dmg

MacOS X Server
MacOS X Server 10.2 - 10.2.5
http://www.info.apple.com/kbnum/n120246/MacOSXSrvrUpdCombo10.2.8.dmg
MacOS X Server 10.2.6, 10.2.7
http://www.info.apple.com/kbnum/n120247/MacOSXServerUpdate10.2.8.dmg

SGI IRIX

IRIX 6.5.15 - 6.5.185326
Descargue el parche de la siguiente dirección
ftp://patches.sgi.com/support/free/security/patches/

IRIX 6.5.19 - 6.5.215325
Descargue el parche de la siguiente dirección
ftp://patches.sgi.com/support/free/security/patches/

Solaris

Solaris 7
SPARC
Instale el parche :107684-10
http://sunsolve.sun.com/securitypatch
x86
Instale el parche 107685-10
http://sunsolve.sun.com/securitypatch

Solaris 8
SPARC
Instale el parche 110615-10
http://sunsolve.sun.com/securitypatch
x86
Instale el parche 110616-10
http://sunsolve.sun.com/securitypatch

Solaris 9
SPARC
Instale el parche 113575-05
http://sunsolve.sun.com/securitypatch
x86
Instale el parche 114137-04
http://sunsolve.sun.com/securitypatch

HP Tru64 UNIX

HP Tru64 UNIX 4.0F
Descargue el parche de la siguiente dirección
http://ftp.support.compaq.com/patches/public/unix/v4.0f/duxkit0020136-v40fb22-es-20031001.tar

HP Tru64 UNIX 5.1A PK5 (BL23)
Descargue el parche de la siguiente dirección
http://ftp1.support.compaq.com/patches/public/unix/v5.1a/t64kit0020137-v51ab23-es-20031001.tar

HP Tru64 UNIX 5.1A PK4 (BL21)
Descargue el parche de la siguiente dirección
http://ftp1.support.compaq.com/patches/public/unix/v5.1a/t64kit0020138-v51ab21-es-20031001.tar

HP Tru64 UNIX 5.1
Descargue el parche de la siguiente dirección
http://ftp1.support.compaq.com/patches/public/unix/v5.1/t64kit0020139-v51b20-es-20031001.tar

NetBSD

NetBSD 1.5, 1.5.x
Descargue el parche de la siguiente dirección
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-release-1-5

NetBSD 1.6, 1.6.x
Descargue el parche de la siguiente dirección
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-release-1-6

NetBSD-current
Descargue el parche de la siguiente dirección
ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current

SCO OpenLinux

OpenLinux 3.1.1 Server
Actualice los paquetes sendmail, sendmail-cf y sendmail-doc desde la siguiente dirección
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-036.0/RPMS

OpenLinux 3.1.1 Workstation
Actualice los paquetes sendmail, sendmail-cf y sendmail-doc desde la siguiente dirección
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-036.0/RPMS

Sun
Sun Linux
http://sunsolve.sun.com/patches/linux/security.html
Qube3
RaQ4
RaQ 550
RaQ XTR
http://sunsolve.sun.com/cobalt

Identificadores estándar
Propiedad Valor
CVE CAN-2003-0694
BID

Recursos adicionales
Official Sendmail announcement
http://www.sendmail.org/8.12.10.html

CERT Advisory CA-2003-25 Buffer Overflow in Sendmail
http://www.cert.org/advisories/CA-2003-25.html

Apple security article
http://docs.info.apple.com/article.html?artnum=61798

OpenBSD security advisory dated September 17, 2003
http://www.openbsd.org/errata.html

HP (Tru64) security advisory
http://ftp.support.compaq.com/patches/public/unix/v4.0f/duxkit0020136-v40fb22-es-20031001.README

HP (Tru64) security advisory
http://ftp.support.compaq.com/patches/public/unix/v5.1/t64kit0020139-v51b20-es-20031001.README

HP (Tru64) security advisory
http://ftp.support.compaq.com/patches/public/unix/v5.1a/t64kit0020137-v51ab23-es-20031001.README

HP (Tru64) security advisory
http://ftp.support.compaq.com/patches/public/unix/v5.1a/t64kit0020138-v51ab21-es-20031001.README

Linux Debian security advisory DSA-384
http://www.debian.org/security/2003/dsa-384.html

Linux Mandrake security advisory MDKSA-2003:092 dated September 17, 2003
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:092

Linux Red Hat security advisory RHSA-2003:283-01 dated September 17, 2003
https://rhn.redhat.com/errata/RHSA-2003-283.html

Linux Slackware security advisory SSA:2003-260-02 dated September 17, 2003
http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2003&m=slackware-security.452857

Linux SuSE security advisory SuSE-SA:2003:040 dated September 20, 2003
http://www.suse.de/de/security/index.html

NetBSD security advisory NetBSD-SA2003-016
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2003-016.txt.asc

SCO security advisory CSSA-2003-036 dated November 17, 2003
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-036.0.txt

Sendmail (commercial versions) security advisory dated September 17, 2003
http://www.sendmail.com/security/

SGI security advisory 20030903-01-P dated September 29, 2003
ftp://patches.sgi.com/support/free/security/advisories/20030903-01-P.asc

CERT/CC security advisory CA-2003-25 dated September 18, 2003
http://www.cert.org/advisories/CA-2003-25.html

HP security bulletin HPSBUX0309-281 dated September 21, 2003
http://itrc.hp.com

SCO Security Advisory SCOSA-2004.11
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt

Sun(sm) Alert Notification 56922
http://sunsolve.sun.com/search/document.do?assetkey=1-26-56922-1

Histórico de versiones
Versión Comentario Fecha
1.0 Aviso emitido 2003-11-28
1.1 Aviso emitido por SCO (SCOSA-2004.11) 2004-07-29
1.2 Aviso emitido por Sun (56922) 2005-04-14

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT