LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [LSD] Technical analysis of the remote sendmail vulnerability

[Posted March 5, 2003 by corbet]

From:  Eric Allman <eric+bugtraq@sendmail.org>
To:  bugtraq@securityfocus.com
Subject:  Re: [LSD] Technical analysis of the remote sendmail vulnerability
Date:  Tue, 04 Mar 2003 09:29:02 -0800

I want to emphasize one of the last sentences in this posting:
``However, we cannot exclude that there does not exist another
execution path in the sendmail code, that could lead to the program
counter overwrite.''  Please don't breath a sigh of relief because
you are running on one of the "does not crash" systems.

Besides direct execution path exploits, there are other variables
that are not pointers that have security implications; finding one of
them within range will be more difficult, but probably not impossible.

Everyone should patch as soon as possible, regardless of platform.

eric
(Log in to post comments)

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds