More Headaches for Sendmail

Posted by deepquest on March 31, 2003 – 2:32 pm

, was left scrambling over the weekend to fix a remotely exploitable vulnerability that could allow an attacker to gain control of an unpatched sendmail server.

The vulnerability, discovered by Michal Zalewski, occurs because the address parsing code in sendmail does not adequately check the length of email addresses. An email message with a specially crafted address could trigger a stack overflow. As a result, the vulnerability can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root, according to a CERT advisory issued over the weekend.

More from internetnews: http://www.internetnews.com/dev-news/article.php/2171951
Sendmail fix: http://www.sendmail.org/patchps.html


This post is under “Security” and has no responses so far.