Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092)
Critical Nessus Plugin ID 14074
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CVE-2003-0694).
Another potential buffer overflow was fixed in ruleset parsing which is not exploitable in the default sendmail configuration. A problem may occur if non-standard rulesets recipient (2), final (4), or mailer- specific envelope recipients rulesets are use. This problem was discovered by Timo Sirainen (CVE-2003-0681).
MandrakeSoft encourages all users who use sendmail to upgrade to the provided packages which are patched to fix both problems.
SolutionUpdate the affected packages.