[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Remote Sendmail Header Processing Vulnerability
- Subject: [cobalt-security] Remote Sendmail Header Processing Vulnerability
- From: Mail List <maillist@xxxxxxxxxxxx>
- Date: Mon, 03 Mar 2003 15:18:32 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I wonder why there's no info on Security Focus about this yet.. Even
sendmail seems lax in their disclosure.. On their site they just says:
Sendmail 8.12.8 is available; it contains a fix for a critical security
problem in header parsing discovered by Mark Dowd of ISS X-Force; we thank
ISS X-Force for bringing this problem to our attention. Sendmail urges all
users to either upgrade to sendmail 8.12.8 or apply a patch for 8.12.
No other docs on the issue...
On the other hand CERT sure is sending the message loud and clear.. <g>
Thanks Michael for the patch, I'm going to go grap that right now and toss
it on the box..