mailing list archives
Re: sendmail 8.12.8 available
From: "Mordechai T. Abzug" <morty () frakir org>
Date: Mon, 3 Mar 2003 20:39:14 -0500
On Mon, Mar 03, 2003 at 09:08:09AM -0800, Claus Assmann wrote:
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the
.cf queue settings and potential buffer underflow in
parsing ident responses. Problem noted by Yichen Xie of
Stanford University Compilation Group.
Question: are the header and ident issues *only* remote overflow
problems, or is this also a local vulnerability? Ie. if one has a
system that doesn't run sendmail in daemon mode (-bd), but does make
sendmail available as an SUID root binary for submission to the local
smarthost and does run sendmail is queue-process mode (ie. -q15m), is
the system still vulnerable? Given that the problem is in the header
parsing, I would expect this to be both a remote and a local problem,
but I'd like to make sure before doing lots of upgrades.