
Gentoo Linux Advisory: sendmail


GENTOO LINUX SECURITY ANNOUNCEMENT 200309-13


PACKAGE : sendmail
SUMMARY : buffer overflows
DATE : 2003-09-17 20:52 UTC
EXPLOIT : remote
VERSIONS AFFECTED :
FIXED VERSION : >=sendmail-8.2.10
CVE :

Quote from the release notes:

“Fix a buffer overflow in address parsing. Problem detected by
Michal Zalewski, patch from Todd C. Miller of Courtesan
Consulting.

Fix a potential buffer overflow in ruleset parsing. This problem
is not exploitable in the default sendmail configuration; only if
non-standard rulesets recipient (2), final (4), or mailer-specific
envelope recipients rulesets are used then a problem may occur.
Problem noted by Timo Sirainen.”

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.2.10 as follows:

emerge sync
emerge sendmail
emerge clean


[email protected] – GnuPG key is
available at http://dev.gentoo.org/~aliz

