Claus Assmann <ca+announceat_private> writes: > We apologize for releasing this information today (2003-03-29) but > we were forced to do so by an e-mail on a public mailing list (that > has been sent by an irresponsible individual) which contains > information about the security flaw. [...] > SECURITY: Fix a buffer overflow in address parsing due to > a char to int conversion problem which is potentially > remotely exploitable. Problem found by Michal Zalewski. > Note: an MTA that is not patched might be vulnerable to > data that it receives from untrusted sources, which > includes DNS. Since this was publically disclosed before a patch was available, I'm sure a lot of people would be interested in knowing whether attempts to exploit this are detectable in the syslog in sendmail's default configuration. -- Dan Harkless bugtraqat_private http://harkless.org/dan/
This archive was generated by hypermail 2b30 : Sat Mar 29 2003 - 14:08:12 PST