115094 : [DSA257] DSA-257-1 Sendmail

Risk 5 : Debian Local Checks

Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail: it could overflow a buffer when encountering addresses with very long comments. Since sendmail also parses headers when forwarding emails, this vulnerability can also hit mail servers that do not deliver the email themselves. This has been fixed in upstream release 8.12.8, version 8.12.3-5 of the package for Debian GNU/Linux 3.0/woody and version 8.9.3-25 of the package for Debian GNU/Linux 2.2/potato.

DSA-257-2: Updated sendmail-wide packages are available in package version 8.9.3+3.2W-24 for Debian 2.2 (potato) and version 8.12.3+3.5Wbeta-5.2 for Debian 3.0 (woody).

Solution:
Read http://www.debian.org/security/2003/dsa-257 and install the recommended updated packages.
References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Tenable : 2009-12-04