On Wed, Apr 02, 2003 at 07:57:35AM -0700, Tom Clements wrote: > --Sendmail Users Face Second Major Security Flaw > (31 March 2003) Yes, it's on its way. Expect it very soon. I think the updated packages have all (or almost all) completed building. > Most versions of sendmail do not adequately check the length of > e-mail addresses, and a carefully crafted address can trigger a > stack overflow and potentially allow the attacker to take control of > the system. Sendmail developers published a patch to address this vulnerability. If you can't wait for the new packages, you can always download the source for the current packages, apply the patch, and build new packages yourself. Note that there is no *known* exploit for this vulnerability, though, and there have been no reports of compromises due to it. I'm sure somebody will correct me in short order if I'm sharing outdated info here. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgpoPezSedKL9.pgp
Description: PGP signature