[unisog] Sendmail Vulnerability (8.12.10 current)

Joshua R. Knust jknust at vt.edu
Wed Sep 17 19:49:15 GMT 2003

Mr. Michal Zalewski again.....


8.12.10/8.12.10 2003/09/24
 SECURITY: Fix a buffer overflow in address parsing.  Problem
  detected by Michal Zalewski, patch from Todd C. Miller
  of Courtesan Consulting.
 Fix a potential buffer overflow in ruleset parsing.  This problem
  is not exploitable in the default sendmail configuration;
  only if non-standard rulesets recipient (2), final (4), or
  mailer-specific envelope recipients rulesets are used then
  a problem may occur.  Problem noted by Timo Sirainen.

More information about the unisog mailing list