Tutorial - Sendmail vulnerabilities
Sendmail vulnerabilities
Summary
Assorted sendmail vulnerabilities.
The problems
With almost every sendmail version that was built before February 1998,
a malicious user can gain unauthorized privileges by exploiting
newlines in command-line arguments or in the process environment or in
buffer overflow attacks. Intruders need not have access to an account on
your system to exploit this problem.
Another exploit involves using sendmail to generate a buffer overflow
in the syslog facility.
Fix
- Replace sendmail by a more recent version, for example from
www.sendmail.org, or use a corrected version from
your vendor.
- Follow vendor instructions in the numerous advisories from
CERT
Other tips
CVE References(s):