[Cialug] Sendmail
kristau
kristau at gmail.com
Fri Mar 24 23:08:41 CST 2006
sendmail sparked the e-mail revolution, but qmail solidified it.
Switch. . . now. . . please?
On 3/22/06, albus <albus at iowaconnect.com> wrote:
> This may not be news to some, but thought I'd put it out there for those
> that may not have seen it yet.
>
>
> --------------snip-----------
> National Cyber Alert System
>
> Technical Cyber Security Alert TA06-081A
>
>
> Sendmail Race Condition Vulnerability
>
> Original release date: March 22, 2006
> Last revised: --
> Source: US-CERT
>
>
> Systems Affected
>
> Sendmail versions prior to 8.13.6.
>
>
> Overview
>
> A race condition in Sendmail may allow a remote attacker to execute
> arbitrary code.
>
>
> I. Description
>
> Sendmail contains a race condition caused by the improper handling of
> asynchronous signals. In particular, by forcing the SMTP server to
> have an I/O timeout at exactly the correct instant, an attacker may be
> able to execute arbitrary code with the privileges of the Sendmail
> process.
>
> Details, including statements from affected vendors are available in
> the following Vulnerability Note:
> VU#834865 - Sendmail contains a race condition
> A race condition in Sendmail may allow a remote attacker to execute
> arbitrary code.
> (CVE-2006-0058)
>
> Please refer to the Sendmail MTA Security Vulnerability Advisory and
> the Sendmail version 8.13.6 release page for more information.
> -----------snip-----------------
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
--
Tired programmer
Coding late into the night
The core dump follows
My GNUPG public key is available at http://www.kristau.net/public_key.asc
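An added example, not part of the original post, the US-CERT alert, or Sendmail's code: one defensive pattern for the class of bug the alert describes (an I/O timeout signal arriving at an arbitrary instant). The handler only sets a flag, and the signal stays blocked except inside `pselect`, so it cannot interrupt any other code. The names `read_with_timeout`, `on_alarm` and `RWT_TIMEOUT` are hypothetical, and `fd` is assumed to be below `FD_SETSIZE`.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

#define RWT_TIMEOUT (-2L)               /* hypothetical code for this example */
static volatile sig_atomic_t timed_out;

/* The handler only stores to a sig_atomic_t: no allocation, stdio or
 * non-local jumps. All real work happens in normal control flow. */
static void on_alarm(int sig) { (void)sig; timed_out = 1; }

/* Returns bytes read, 0 on EOF, -1 on error, RWT_TIMEOUT on timeout. */
long read_with_timeout(int fd, char *buf, size_t len, long timeout_ms)
{
    struct sigaction sa, old_sa;
    struct itimerval tv = { .it_value = { .tv_sec = timeout_ms / 1000,
                                          .tv_usec = (timeout_ms % 1000) * 1000 } };
    struct itimerval off = { .it_value = { .tv_sec = 0 } };
    sigset_t block, old_mask, wait_mask;
    long result = -1;

    sa.sa_handler = on_alarm;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    /* Keep SIGALRM blocked so it cannot interrupt arbitrary code. */
    if (sigprocmask(SIG_BLOCK, &block, &old_mask) < 0) return -1;
    wait_mask = old_mask;
    sigdelset(&wait_mask, SIGALRM);
    sigaction(SIGALRM, &sa, &old_sa);
    timed_out = 0;
    setitimer(ITIMER_REAL, &tv, NULL);
    for (;;) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        /* pselect unblocks SIGALRM atomically; delivery happens only here. */
        int n = pselect(fd + 1, &rfds, NULL, NULL, NULL, &wait_mask);
        if (n > 0) { result = (long)read(fd, buf, len); break; }
        if (n < 0 && errno != EINTR) break;
        if (timed_out) { result = RWT_TIMEOUT; break; }
    }
    setitimer(ITIMER_REAL, &off, NULL);     /* disarm the timer */
    sa.sa_handler = SIG_IGN;                /* discards a still-pending SIGALRM */
    sigaction(SIGALRM, &sa, NULL);
    sigaction(SIGALRM, &old_sa, NULL);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    return result;
}
```

The `SIG_IGN` step before restoring the old disposition covers the case where the timer expires after data was read but before it is disarmed; otherwise the pending signal would be delivered with whatever action was installed before the call.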