
Security

 Tuesday, March 04, 2003

Assessing the Risk

Sun's security alert, Sun Alert ID: 51181: sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases, states:
Systems are vulnerable if they have a sendmail daemon running.

CERT®'s — not to be confused with the breath mint — advisory CA-2003-07: Remote Buffer Overflow in Sendmail says:

This vulnerability is message-oriented as opposed to connection-oriented.

CVE Candidate CAN-2002-1337:

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

In assessing the risk posed by this vulnerability, you need to answer one question: when is the crackaddr function called?
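
Before answering that question, a first triage step is to find which hosts report a version inside the range given in the CVE entry quoted above. The sketch below is an added example, not part of the original post or of any advisory; the greeting and version lines are constructed samples, and treating the range as inclusive at both ends is an assumption.

```python
import re

# Range quoted in the CVE entry above; treated as inclusive (assumption).
VULN_MIN = (5, 79)
VULN_MAX = (8, 12, 7)

# Picks the binary version out of an SMTP greeting ("Sendmail 8.12.6/8.12.6")
# or out of a "Version 8.12.6" line; vendor suffixes such as "+Sun" are ignored.
VERSION_RE = re.compile(r"(?:Sendmail|Version)\s+(\d+(?:\.\d+)+)", re.I)

# Constructed sample inventory lines (not taken from real hosts).
SAMPLES = [
    "220 mx1.example.com ESMTP Sendmail 8.12.6/8.12.6; Tue, 4 Mar 2003 17:49:55 -0500",
    "220 mx2.example.com ESMTP Sendmail 8.12.8/8.12.8; Tue, 4 Mar 2003 17:49:55 -0500",
    "220 old.example.com Sendmail 5.65/1.0 ready",
    "220 sun.example.com ESMTP Sendmail 8.11.6+Sun/8.11.6; Tue, 4 Mar 2003 17:49:55 -0500",
    "220 mx3.example.com ESMTP ready",  # version hidden in the greeting
    "Version 8.12.7",
]


def parse_version(text):
    """Return the reported version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def in_cve_range(version):
    """True if version lies within 5.79 .. 8.12.7 (missing parts count as 0)."""
    width = max(len(version), len(VULN_MIN), len(VULN_MAX))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(VULN_MIN) <= pad(version) <= pad(VULN_MAX)


def triage(line):
    """Classify one inventory line as in-range, out-of-range or unknown."""
    version = parse_version(line)
    if version is None:
        return "unknown"  # no version shown: needs a manual check
    return "in-range" if in_cve_range(version) else "out-of-range"


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{triage(line):13} {line}")
```

A reported version is only a triage signal: greetings can be edited and vendors may patch without changing the version string, so "in-range" means "check this host" and the other two results do not prove a host is unaffected.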

5:49:55 PM
categories: Security