Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)
Critical Nessus Plugin ID 14026
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Michal Zalewski discovered a vulnerability in the address parser of sendmail versions earlier than 8.12.9, which performs insufficient bounds checking in certain conditions due to a char to int conversion.
This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages with patches applied are available for the older versions, and the new fixed version is available for Mandrake Linux 9.1 users.
The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed.
This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.
Solution
Update the affected packages.