[ale] [Fwd: buffer overflow in sendmail]

John Mills johnmills at speakeasy.net
Wed Sep 17 17:28:11 EDT 2003


ALErs -

Here we go again ...

On Wed, 17 Sep 2003, Jonathan Glass wrote:

> Yet another patch!
> 
> Jonathan Glass
> 
> ---------------------------- Original Message ----------------------------
> Subject: buffer overflow in sendmail
> From:    "Todd C. Miller" <Todd.Miller at courtesan.com>
> Date:    Wed, September 17, 2003 2:04 pm
> To:      security-announce at openbsd.org
> --------------------------------------------------------------------------
> 
> A buffer overflow in sendmail's address parsing routines has been
> found by Michal Zalewski.  The bug appears to be remotely exploitable on
> Linux and while it will be more difficult to exploit on OpenBSD it still
> looks to be possible.

 ...
 and thanks to Todd Miller, whom sendmail.org credits with the fix.

I don't find an RPM for RH-7.* beyond "sendmail-8.11.6-25.73.i386.rpm" so
it looks like 'build from source' again, but [for once!] I'm hesitant
because of FUD on moving to the new release and having to configure it.

Any words of wisdom on stepping from 8.11.6 to 8.12.10 in "one swell foop"
(other than, "Don't go anywhere _near_ there!")?

TIA.

 - John Mills
   john.m.mills at alum.mit.edu


