Debian: DSA-257-2 Critical: Sendmail-Wide Remote Exploit
debian
March 5, 2003
This advisory is an addendum to DSA-257-1; the sendmail problem discussed there also applies to the sendmail-wide packages.
Topics Covered
Summary
Package : sendmail-wide
Problem type : remote exploit
Debian-specific: no
This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.
Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer when encountering addresses
specially crafted addresses.
This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package
for Debian GNU/Linux 3.0/woody.
Obtaining updates:
By hand:
wget URL
will fetch the file for you.
dpkg -i FILENAME.deb
will install the fetched file.
With apt:
deb Debian -- Security Information stable/updates main
added to /etc/apt/sources.list will provide security updates
Additional information can be found on the Debian security webpages
at Debian -- Security Information
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, pow...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!