Debian 3.0 Critical Advisory: Sendmail Remote Command Execution
debian
March 4, 2003
A remote vulnerability exists that can result in commands can be executed with administrative privileges.
Summary
Package : sendmail
Problem type : remote exploit
Debian-specific: no
Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer overflow when encountering
addresses with very long comments. Since sendmail also parses headers
when forwarding emails this vulnerability can hit mail-servers which do
not deliver the email as well.
This has been fixed in upstream release 8.12.8, version 8.12.3-5 of
the package for Debian GNU/Linux 3.0/woody and version 8.9.3-25 of the
package for Debian GNU/Linux 2.2/potato.
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at Debian -- Security Information
Debian GNU/Linux 2.2 alias potato
Potato was released for alp...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!