More Headaches for Sendmail

, was left scrambling over the weekend to fix a remotely exploitable vulnerability that could allow an attacker to gain control of an unpatched sendmail server.

The vulnerability, discovered by Michal Zalewski, occurs because address parsing code in sendmail does not adequately check the length of email addresses. An email message with a specially crafted address could trigger a stack overflow. As a result, the vulnerability can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root, according to a CERT advisory issued over the weekend.

more from [url=http://www.internetnews.com/dev-news/article.php/2171951]internetnews[/url]
[url=http://www.sendmail.org/patchps.html]sendmail fix[/url]
