Debian DSA-1015-1 : sendmail - programming error
High Nessus Plugin ID 22557
Synopsis
The remote Debian host is missing a security-related update.
Description
Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent.
This allows a remote attacker to exploit a race condition to execute arbitrary code as root.
Solution
Upgrade the sendmail package immediately.
For the old stable distribution (woody) this problem has been fixed in version 8.12.3-7.2.
For the stable distribution (sarge) this problem has been fixed in version 8.13.4-3sarge1.