Bugtraq mailing list archives

Re: sendmail 8.12.9 available
From: Dan Harkless <bugtraq () harkless org>
Date: Sat, 29 Mar 2003 12:55:54 -0800

Claus Assmann <ca+announce () sendmail org> writes:
> We apologize for releasing this information today (2003-03-29) but
> we were forced to do so by an e-mail on a public mailing list (that
> has been sent by an irresponsible individual) which contains
> information about the security flaw.
>
>       SECURITY: Fix a buffer overflow in address parsing due to
>               a char to int conversion problem which is potentially
>               remotely exploitable.  Problem found by Michal Zalewski.
>               Note: an MTA that is not patched might be vulnerable to
>               data that it receives from untrusted sources, which
>               includes DNS.

Since this was publicly disclosed before a patch was available, I'm sure a
lot of people would be interested in knowing whether attempts to exploit
this are detectable in the syslog in sendmail's default configuration.

Dan Harkless
bugtraq () harkless org
