Hi all, There is a new Sendmail vulnerability. The news made it to BugtraQ a moment ago:
http://www.securityfocus.com/archive/1/316760 http://www.securityfocus.com/archive/1/316773 CVE: CAN-2003-0161 CERT: VU#897604 --------------------------- excerpt: --------------------------- ******************************************************** *** FORCED RELEASE -- VENDOR NOTIFIED AS OF 03/18/03 *** ******************************************************** There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. This problem is not related to the recent ISS vulnerability announcement. [...] The impact is believed to be a root compromise. ----------------------------------------------------------------- I'm now rolling up a new (second) unofficial Sendmail patch for different Sun Cobalt appliances. They should be available shortly on http://www.solarspeed.net -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
