Re: sendmail 8.12.9 available
From: Dan Harkless (bugtraq@harkless.org)
Date: 03/29/03
- Previous message: Michal Zalewski: "Sendmail: -1 gone wild"
- Maybe in reply to: Claus Assmann: "sendmail 8.12.9 available"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Dan Harkless <bugtraq@harkless.org> To: bugtraq@securityfocus.com Date: Sat, 29 Mar 2003 12:55:54 -0800
Claus Assmann <ca+announce@sendmail.org> writes:
> We apologize for releasing this information today (2003-03-29) but
> we were forced to do so by an e-mail on a public mailing list (that
> has been sent by an irresponsible individual) which contains
> information about the security flaw.
[...]
> SECURITY: Fix a buffer overflow in address parsing due to
> a char to int conversion problem which is potentially
> remotely exploitable. Problem found by Michal Zalewski.
> Note: an MTA that is not patched might be vulnerable to
> data that it receives from untrusted sources, which
> includes DNS.
Since this was publically disclosed before a patch was available, I'm sure a
lot of people would be interested in knowing whether attempts to exploit
this are detectable in the syslog in sendmail's default configuration.
-- Dan Harkless bugtraq@harkless.org http://harkless.org/dan/
- Previous message: Michal Zalewski: "Sendmail: -1 gone wild"
- Maybe in reply to: Claus Assmann: "sendmail 8.12.9 available"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
