aru Posted April 1, 2003 Report Share Posted April 1, 2003 MandrakeSoft Security Advisory MDKSA-2003:042 : sendmail April 1st, 2003 Updated sendmail packages fix local and remote vulnerability Michal Zalweski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it poissible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] 9.1 [*] 9.1/PPC [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:042 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0161 http://www.cert.org/advisories/CA-2003-12.html Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts