Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Gentoo 200303-27: sendmail buffer overflow

Gentoo 200303-27: sendmail buffer overflow

by Nikola Strahija on April 2nd, 2003 Buffer overflow vulnerability has been found in all versions of Sendmail earlier than 8.12.9, which may allow remote attackers to gain root privileges.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-27
- - ---------------------------------------------------------------------

PACKAGE : sendmail
SUMMARY : buffer overflow
DATE : 2003-03-31 09:13 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <8.12.9
FIXED VERSION : >=8.12.9
CVE : CAN-2003-0161

- - ---------------------------------------------------------------------

- From advisory:
"There is a vulnerability in sendmail that can be exploited to cause
a denial-of-service condition and could allow a remote attacker to
execute arbitrary code with the privileges of the sendmail
daemon, typically root."

Read the full advisory at
http://www.cert.org/advisories/CA-2003-12.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.12.9 as follows:

emerge sync
emerge sendmail
emerge clean

- - ---------------------------------------------------------------------
[email protected] - GnuPG key is available at http://cvs.gentoo.org/~aliz
[email protected]
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+iAbNfT7nyhUpoZMRAuQWAJ9DKi8B6JxgHVyxRLZfM1e5N0YyNQCgqM7Y
NwuiPB4hihTbTLAXIKg9/J8=
=RiMh
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »