Cox Crow
Asking the Stupid Questions Since 1971
Assessing the Risk
Sun's security alert Sun Alert ID: 51181: sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases statesSystems are vulnerable if they have a sendmail daemon running.
CERT®'s — not to be confused with the breath mint — advisory CA-2003-07: Remote Buffer Overflow in Sendmail
This vulnerability is message-oriented as opposed to connection-oriented.
CVE Candidate CAN-2002-1337:
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via a certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
In assessing the risk posed by this vulnerability, you need to answer one question: when is the crackaddr
function called?
5:49:55 PM # Google It!
categories: Security
For your Top Sysadmin
Now this is the LART for the sysadmin who has to deal with bottoms all day.9:56:41 AM # Google It!
categories: System Administration