[Cialug] Sendmail

NOC - LanSide.net noc at lanside.net
Sun Mar 26 15:50:38 CST 2006 

Or, better yet, postfix  :P

On Fri, 2006-03-24 at 23:08 -0600, kristau wrote:
> sendmail sparked the e-mail revolution, but qmail solidified it. 
> Switch. . . now. . . please?
> 
> On 3/22/06, albus <albus at iowaconnect.com> wrote:
> > This may not be news to some, but thought I'd put it out there for those
> > that may not have seen it yet.
> >
> >
> > --------------snip-----------
> >  National Cyber Alert System
> >
> >                  Technical Cyber Security Alert TA06-081A
> >
> >
> > Sendmail Race Condition Vulnerability
> >
> >    Original release date: March 22, 2006
> >    Last revised: --
> >    Source: US-CERT
> >
> >
> > Systems Affected
> >
> >    Sendmail versions prior to 8.13.6.
> >
> >
> > Overview
> >
> >    A race condition in Sendmail may allow a remote attacker to execute
> >    arbitrary code.
> >
> >
> > I. Description
> >
> >    Sendmail contains a race condition caused by the improper handling of
> >    asynchronous signals. In particular, by forcing the SMTP server to
> >    have an I/O timeout at exactly the correct instant, an attacker may be
> >    able to execute arbitrary code with the privileges of the Sendmail
> >    process.
> >
> >    Details, including statements from affected vendors are available in
> >    the following Vulnerability Note:
> >    VU#834865 - Sendmail contains a race condition
> >    A race condition in Sendmail may allow a remote attacker to execute
> >    arbitrary code.
> >    (CVE-2006-0058)
> >
> >    Please refer to the Sendmail MTA Security Vulnerability Advisory and
> >    the Sendmail version 8.13.6 release page for more information.
> > -----------snip-----------------
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
> 
> 
> --
> Tired programmer
> Coding late into the night
> The core dump follows
> 
> My GNUPG public key is available at http://www.kristau.net/public_key.asc
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list