Gentoo: sendmail buffer overflow vulnerability
Posted by LinuxSecurity.com Team   
Gentoo There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root.

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-27
- - ---------------------------------------------------------------------

          PACKAGE : sendmail
          SUMMARY : buffer overflow
             DATE : 2003-03-31 09:13 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <8.12.9
    FIXED VERSION : >=8.12.9
              CVE : CAN-2003-0161

- - ---------------------------------------------------------------------

- From advisory:
"There is a vulnerability in sendmail that can be exploited to cause 
a denial-of-service condition and could allow a remote attacker to 
execute arbitrary code with the privileges of the sendmail 
daemon, typically root."

Read the full advisory at 
http://www.cert.org/advisories/CA-2003-12.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.12.9 as follows:

emerge sync
emerge sendmail
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at  http://cvs.gentoo.org/~aliz
avenj@gentoo.org
- - ---------------------------------------------------------------------