[unisog] Sendmail Vulnerability (8.12.10 current)
Joshua R. Knust
jknust at vt.edu
Wed Sep 17 19:49:15 GMT 2003
Mr. Michal Zalewski again.....
SECURITY: Fix a buffer overflow in address parsing. Problem
detected by Michal Zalewski, patch from Todd C. Miller
of Courtesan Consulting.
Fix a potential buffer overflow in ruleset parsing. This problem
is not exploitable in the default sendmail configuration;
only if non-standard rulesets recipient (2), final (4), or
mailer-specific envelope recipients rulesets are used then
a problem may occur. Problem noted by Timo Sirainen.
More information about the unisog