Security issue with sendmail < 8.13.6 (released today)
Adam Gibson
agibson at ptm.com
Wed Mar 22 20:42:47 UTC 2006
http://www.sendmail.com/company/advisory/index.shtml
"Sendmail, Inc. has recently become aware of a security vulnerability in
certain versions of sendmail Mail Transfer Agent (MTA) and UNIX and
Linux products that contain it. Sendmail was notified by security
researchers at ISS that, under some specific timing conditions, this
vulnerability may permit a specifically crafted attack to take over the
sendmail MTA process, allowing remote attackers to execute commands and
run arbitrary programs on the system running the MTA, affecting email
delivery, or tampering with other programs and data on this system."
More information about the fedora-legacy-list
mailing list