
security hole in sendmail


Peter Valchev-2
A race condition exists in sendmail's handling of asynchronous signals.
A remote attacker may be able to execute arbitrary source code with the
privileges of the user running sendmail, typically root.

The fixes have been applied to the 3.7-stable, 3.8-stable and 3.9-stable
branches, and are also available as patches.  3.9-current has been
updated to the new sendmail version which has this addressed as well.

Patches for the respective releases:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/006_sendmail.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/012_sendmail.patch
