Tutorial - Sendmail vulnerabilities
Sendmail vulnerabilities
Summary
Assorted sendmail vulnerabilities.
The problems
With almost every sendmail version that was built before February 1998,
a malicious user can gain unauthorized privileges by exploiting
newlines in command-line arguments or in the process environment, or
through buffer overflow attacks. Intruders need to have access to an
account on your system to exploit these problems.
Fix
- Replace sendmail with a more recent version, for example from
www.sendmail.org, or use a corrected version from
your vendor.
- Follow the vendor instructions in the numerous advisories from CERT.
Other tips
CVE Reference(s):
CVE-1999-0206 CVE-1999-0204 CVE-1999-0131 CVE-1999-0047