[ale] [Fwd: buffer overflow in sendmail]
John Mills
johnmills at speakeasy.net
Wed Sep 17 17:28:11 EDT 2003
ALErs -
Here we go again ...
On Wed, 17 Sep 2003, Jonathan Glass wrote:
> Yet another patch!
>
> Jonathan Glass
>
> ---------------------------- Original Message ----------------------------
> Subject: buffer overflow in sendmail
> From: "Todd C. Miller" <Todd.Miller at courtesan.com>
> Date: Wed, September 17, 2003 2:04 pm
> To: security-announce at openbsd.org
> --------------------------------------------------------------------------
>
> A buffer overflow in sendmail's address parsing routines has been
> found by Michal Zalewski. The bug appears to be remotely exploitable on
> Linux and while it will be more difficult to exploit on OpenBSD it still
> looks to be possible.
...
and thanks to Todd Miller, whom sendmail.org credits with the fix.
I don't find an RPM for RH-7.* beyond "sendmail-8.11.6-25.73.i386.rpm" so
it looks like 'build from source' again, but [for once!] I'm hesitant
because of FUD on moving to the new release and having to configure it.
Any words of wisdom on stepping from 8.11.6 to 8.12.10 in "one swell foop"
(other than, "Don't go anywhere _near_ there!")?
TIA.
- John Mills
john.m.mills at alum.mit.edu