sendmail - Remote Buffer Overflow

Package(s): sendmail
CVE #(s): CAN-2002-1337
Created: March 3, 2003
Updated: March 10, 2003
Description: ISS has turned up an unpleasant problem with sendmail; by sending a properly crafted message, an attacker can run arbitrary code as root on a target system. This is the sort of hole that can lead to all sorts of problems, including widespread break-ins and Internet worms. Everybody who is running sendmail should upgrade to version 8.12.8 at the first opportunity. Note that systems behind firewalls need to be fixed too.

See CERT Advisory CA-2003-07 for additional information.

Alerts:
SCO Group CSSA-2003-010.0 2003-03-10
Debian DSA-257-2 2003-03-04
Yellow Dog YDU-20030304-1 2003-03-04
OpenPKG OpenPKG-SA-2003.016 2003-03-04
Gentoo 200303-4 2003-03-04
Debian DSA-257-1 2003-03-04
Slackware sl-1046746777 2003-03-04
Conectiva CLA-2003:571 2003-03-03
Mandrake MDKSA-2003:028 2003-03-03
SuSE SuSE-SA:2003:013 2003-03-03
Red Hat RHSA-2003:073-06 2003-03-03

Sendmail - Remote Buffer Overflow

Posted Mar 4, 2003 14:19 UTC (Tue) by angdraug (subscriber, #7487)

Advisory for Debian is already out there, too.

sendmail - Remote Buffer Overflow

Posted Mar 6, 2003 3:19 UTC (Thu) by barrygould (guest, #4774)

Interesting, I'm reading LWN from almost two weeks ago (2/20), yet this sendmail advisory from this week appears on it.

Does this mean that the security page keeps itself up to date?

Thanks,
Barry
