Bugtraq mailing list archives
Re: sendmail 8.12.9 available
From: Dan Harkless <bugtraq () harkless org>
Date: Sat, 29 Mar 2003 12:55:54 -0800
Claus Assmann <ca+announce () sendmail org> writes:
> We apologize for releasing this information today (2003-03-29) but we were forced to do so by an e-mail on a public mailing list (that has been sent by an irresponsible individual) which contains information about the security flaw.
> [...]
> SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS.
Since this was publicly disclosed before a patch was available, I'm sure a lot of people would be interested in knowing whether attempts to exploit this are detectable in the syslog in sendmail's default configuration.

--
Dan Harkless
bugtraq () harkless org
http://harkless.org/dan/
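The release note quoted above attributes the overflow to a "char to int conversion problem". As an added illustration of that general bug class (not sendmail's code and not written by either poster), the C sketch below contrasts widening a byte through `signed char` with widening through `unsigned char`, and shows how the first form collides with an in-band sentinel and produces negative table indexes. The sentinel `NO_CHAR`, all function names and the sample bytes are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NO_CHAR (-1)  /* hypothetical in-band "no character" sentinel */

/* Widening as it happens where plain char is signed: 0x80..0xFF go negative. */
static int widen_signed(char c) { return (int)(signed char)c; }

/* Hardened widening through unsigned char: the result is always 0..255. */
static int widen_unsigned(char c) { return (int)(unsigned char)c; }

/* Count input bytes that an int-based parser would mistake for the sentinel. */
static size_t sentinel_collisions(const char *buf, size_t len, int (*widen)(char))
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        if (widen(buf[i]) == NO_CHAR)
            hits++;
    return hits;
}

/* True if every widened byte is a valid index into a 256-entry class table. */
static bool all_indexes_in_range(const char *buf, size_t len, int (*widen)(char))
{
    for (size_t i = 0; i < len; i++) {
        int idx = widen(buf[i]);
        if (idx < 0 || idx > 255)
            return false;
    }
    return true;
}

/* Constructed sample: an address-like byte string with two high-bit bytes. */
static const char SAMPLE[] = { 'u', 's', 'e', 'r', (char)0xFF, '@',
                               'h', (char)0x80, 's', 't' };

int main(void)
{
    size_t n = sizeof SAMPLE;
    printf("signed widening:   %zu sentinel collision(s), indexes ok: %d\n",
           sentinel_collisions(SAMPLE, n, widen_signed),
           all_indexes_in_range(SAMPLE, n, widen_signed));
    printf("unsigned widening: %zu sentinel collision(s), indexes ok: %d\n",
           sentinel_collisions(SAMPLE, n, widen_unsigned),
           all_indexes_in_range(SAMPLE, n, widen_unsigned));
    return 0;
}
```

When auditing parsing code for this class of bug, look for `char` values assigned to `int` variables, compared against negative sentinels, or used as array indexes without an `unsigned char` cast.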