[unisog] Sendmail Vulnerability (8.12.10 current)

Joshua R. Knust jknust at vt.edu
Wed Sep 17 19:49:15 GMT 2003


Mr. Michal Zalewski again.....

http://www.sendmail.org/8.12.10.html
http://www.sendmail.org/ftp/RELEASE_NOTES

<<SNIP>>
8.12.10/8.12.10 2003/09/24
 SECURITY: Fix a buffer overflow in address parsing.  Problem
  detected by Michal Zalewski, patch from Todd C. Miller
  of Courtesan Consulting.
 Fix a potential buffer overflow in ruleset parsing.  This problem
  is not exploitable in the default sendmail configuration;
  only if non-standard rulesets recipient (2), final (4), or
  mailer-specific envelope recipients rulesets are used then
  a problem may occur.  Problem noted by Timo Sirainen.
<<SNIP>>



More information about the unisog mailing list