[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Remote Sendmail Header Processing Vulnerability

Subject: [cobalt-security] Remote Sendmail Header Processing Vulnerability
From: Mail List <maillist@xxxxxxxxxxxx>
Date: Mon, 03 Mar 2003 15:18:32 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I wonder why there's no info on Security Focus about this yet.. Evensendmail seems lax in their disclosure.. On their site they just says:

Sendmail 8.12.8 is available; it contains a fix for a critical securityproblem in header parsing discovered by Mark Dowd of ISS X-Force; we thankISS X-Force for bringing this problem to our attention. Sendmail urges allusers to either upgrade to sendmail 8.12.8 or apply a patch for 8.12.


No other docs on the issue...

On the other hand CERT sure is sending the message loud and clear.. <g>

Thanks Michael for the patch, I'm going to go grap that right now and tossit on the box..

Prev by Date: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
Next by Date: RE: [cobalt-security] Remote Sendmail Header Processing Vulnerability
Previous by thread: Re: [cobalt-security] Remote Sendmail Header Processing Vulnerability
Next by thread: RE: [cobalt-security] Remote Sendmail Header Processing Vulnerability

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index