Bugtraq mailing list archives

Re: sendmail 8.12.9 available
From: Dan Harkless <bugtraq () harkless org>
Date: Sat, 29 Mar 2003 12:55:54 -0800


Claus Assmann <ca+announce () sendmail org> writes:
We apologize for releasing this information today (2003-03-29) but
we were forced to do so by an e-mail on a public mailing list (that
has been sent by an irresponsible individual) which contains
information about the security flaw.
[...]
      SECURITY: Fix a buffer overflow in address parsing due to
              a char to int conversion problem which is potentially
              remotely exploitable.  Problem found by Michal Zalewski.
              Note: an MTA that is not patched might be vulnerable to
              data that it receives from untrusted sources, which
              includes DNS.

Since this was publicly disclosed before a patch was available, I'm sure a
lot of people would be interested in knowing whether attempts to exploit
this are detectable in the syslog in sendmail's default configuration.

--
Dan Harkless
bugtraq () harkless org
http://harkless.org/dan/

