[Dshield] critical sendmail problem.

Stephane Grobety security at admin.fulgan.com
Tue Mar 4 08:30:58 GMT 2003

D> Does it *only* affect systems with sendmail listening and accepting mail
D> from the world, or are you vulnerable if you allow users to send mail
D> from local accounts?

According to the advisory, the vulnerability is in the e-mail field
parsing functions: To and From, I gather. So it means that, yes,
you're vulnerable even if you're only using sendmail for sending out
local mail, as they will still be parsed, but you'll only be vulnerable
to local attacks (from the users that have the right to submit mail to
the program).

Good luck,

