127234 – sendmail-8.13.5 and older vulnerable to remote exploit

Bug 127234 - sendmail-8.13.5 and older vulnerable to remote exploit

Summary: sendmail-8.13.5 and older vulnerable to remote exploit

Status:	RESOLVED DUPLICATE of bug 125623

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.sendmail.org/8.13.6.html
Whiteboard:
Keywords:

Duplicates (1):	127324 (view as bug list)
Depends on:
Blocks:

Reported:	2006-03-22 13:59 UTC by Stephen Fromm
Modified:	2006-03-23 09:16 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stephen Fromm 2006-03-22 13:59:42 UTC

sendmail-8.13.6 was released to address a recently discovered vulnerability.  To quote the announcement:

   This vulnerability may permit a specifically crafted attack to take 
   over the sendmail MTA process, allowing remote attackers to execute 
   commands and run arbitrary programs on the system running the MTA, 
   affecting email delivery, or tampering with other programs and data 
   on this system....This connection-oriented vulnerability does not 
   occur in the normal course of sending and receiving email.  It is 
   only triggered when specific conditions are created through SMTP 
   connection layer commands.

References:
http://www.sendmail.org/8.13.6.html
http://www.sendmail.com/company/advisory/index.shtml
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-03-22 14:02:01 UTC

Thx for the notification. However this is already fixed.

*** This bug has been marked as a duplicate of 125623 ***

Comment 2 psyprus 2006-03-23 09:16:03 UTC

*** Bug 127324 has been marked as a duplicate of this bug. ***