|
|
Subscribe / Log in / New account

sendmail - Remote Buffer Overflow

Package(s):sendmail CVE #(s):CAN-2002-1337
Created:March 3, 2003 Updated:March 10, 2003
Description: ISS has turned up an unpleasant problem with sendmail; by sending a properly crafted message, an attacker can run arbitrary code as root on a target system. This is the sort of hole that can lead to all sorts of problems, including widespread breakins and Internet worms. Everybody who is running sendmail should upgrade to version 8.12.8 at the first opportunity. Note that systems behind firewalls need to be fixed too.

See CERT Advisory CA-2003-07 for additional information.

Alerts:
SCO Group CSSA-2003-010.0 sendmail 2003-03-10
Debian DSA-257-2 sendmail-wide 2003-03-04
Yellow Dog YDU-20030304-1 sendmail 2003-03-04
OpenPKG OpenPKG-SA-2003.016 sendmail 2003-03-04
Gentoo 200303-4 sendmail 2003-03-04
Debian DSA-257-1 sendmail 2003-03-04
Slackware sl-1046746777 sendmail 2003-03-04
Conectiva CLA-2003:571 sendmail 2003-03-03
Mandrake MDKSA-2003:028 sendmail 2003-03-03
SuSE SuSE-SA:2003:013 sendmail, 2003-03-03
Red Hat RHSA-2003:073-06 sendmail 2003-03-03
to post comments

Sendmail - Remote Buffer Overflow

Posted Mar 4, 2003 14:19 UTC (Tue) by angdraug (subscriber, #7487) [Link]

Advisory for Debian is already out there, too.

sendmail - Remote Buffer Overflow

Posted Mar 6, 2003 3:19 UTC (Thu) by barrygould (guest, #4774) [Link]

Interesting, I'm reading LWN from almost two weeks ago (2/20), yet this sendmail advisory from this week appears on it.

Does this mean that the security page keeps itself up to date?

Thanks,
Barry


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds