[Cialug] Sendmail
albus
albus at iowaconnect.com
Wed Mar 22 14:17:11 CST 2006
This may not be news to some, but thought I'd put it out there for those
that may not have seen it yet.
--------------snip-----------
National Cyber Alert System

Technical Cyber Security Alert TA06-081A

Sendmail Race Condition Vulnerability

Original release date: March 22, 2006
Last revised: --
Source: US-CERT

Systems Affected

Sendmail versions prior to 8.13.6.

Overview

A race condition in Sendmail may allow a remote attacker to execute
arbitrary code.

I. Description

Sendmail contains a race condition caused by the improper handling of
asynchronous signals. In particular, by forcing the SMTP server to
have an I/O timeout at exactly the correct instant, an attacker may be
able to execute arbitrary code with the privileges of the Sendmail
process.

Details, including statements from affected vendors, are available in
the following Vulnerability Note:

VU#834865 - Sendmail contains a race condition
A race condition in Sendmail may allow a remote attacker to execute
arbitrary code.
(CVE-2006-0058)

Please refer to the Sendmail MTA Security Vulnerability Advisory and
the Sendmail version 8.13.6 release page for more information.
-----------snip-----------------
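
For readers auditing their own daemons for the bug class the alert describes (an I/O timeout delivered by an asynchronous signal), here is an added example, not part of the original post, the advisory, or Sendmail's code. It shows a timeout whose handler only sets a flag and whose signal is blocked everywhere except inside the wait call; the names read_with_timeout, on_alarm and timed_out are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

/* The only state the handler touches; sig_atomic_t is safe to write there. */
static volatile sig_atomic_t timed_out;

/* Record the timeout and return: no longjmp, logging, stdio or malloc/free. */
static void on_alarm(int signo) { (void)signo; timed_out = 1; }

/* Returns bytes read, 0 on EOF, -1 on error, -2 on timeout (seconds >= 1). */
ssize_t read_with_timeout(int fd, void *buf, size_t len, unsigned seconds)
{
    struct sigaction sa, old_sa;
    sigset_t block, old_mask, wait_mask;
    fd_set rfds;
    ssize_t n = -2;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    /* SIGALRM stays blocked everywhere except inside pselect(), so the
     * handler can never interrupt code that is updating program state. */
    sigprocmask(SIG_BLOCK, &block, &old_mask);
    wait_mask = old_mask;
    sigdelset(&wait_mask, SIGALRM);
    sigaction(SIGALRM, &sa, &old_sa);
    timed_out = 0;
    alarm(seconds);

    while (!timed_out) {
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int r = pselect(fd + 1, &rfds, NULL, NULL, NULL, &wait_mask);
        if (r > 0) { n = read(fd, buf, len); break; }
        if (r == -1 && errno != EINTR) { n = -1; break; }
    }
    alarm(0);
    signal(SIGALRM, SIG_IGN);          /* discard an alarm left pending */
    sigaction(SIGALRM, &old_sa, NULL);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    return n;
}
```

Because the handler never jumps out of interrupted code, the timeout can arrive at any instant without leaving buffers or other state half-updated.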