March 22nd, 2006, 05:31 PM
Sendmail code execution vuln announced (CVE-2006-0058)
A new race condition affecting versions of Sendmail prior to 8.13.6 has been announced. The risk is it could allow an attacker to execute code.
Vulnerability Note VU#834865
Sendmail contains a race condition
A race condition in Sendmail may allow a remote attacker to execute arbitrary code.
Sendmail is a widely used mail transfer agent (MTA).
Mail Transfer Agents (MTA)
MTAs are responsible for sending an receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.
Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing SMTP server to have an I/O timeout at exactly the correct instant, the attacker may be able to execute arbitrary code with the privileges of the Sendmail process.
More information is available in the Sendmail version 8.13.6 release page and the Sendmail MTA Security Vulnerability Advisory.
Versions of Sendmail prior to 8.13.6 are affected.
A remote, unauthenticated attacker could execute arbitrary code with the privileges of the Sendmail process. If Sendmail is running as root, the attacker could take complete control of an affected system.
This issue is corrected in Sendmail version 8.13.6.
Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5 are also available
March 22nd, 2006, 08:32 PM
Above thread has been merged as the subject matter is duplicated
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
March 23rd, 2006, 06:01 PM
If that doesnt have malicious intentions all over it. BTW Welcome to AO.
Finally a new sendmail vulnerability
March 23rd, 2006, 11:30 PM
I didn't do it.
March 24th, 2006, 02:48 AM
This is part of the reason why AO is considered to be a "**** hole" by so many.. good, informative, up-to-date news is posted... exactly what should be posted.. and people neg the thread... idiots... and people neg a poster... why... because of the title of his post??? He still posted worthwhile information... it was merged if you read further down.. that's why it was repeated info... The title of his post was originally the title of a thread... sheesh.... this is really sad..
Anyways I've removed the offending post and boosted the status of this with a few well placed greenies..
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
March 24th, 2006, 05:00 AM
Well, it looks like hell has frozen over, the day has finally come when I agree with HT. j/k!
Originally posted here by HTRegz
... people neg the thread... idiots... and people neg a poster... why... because of the title of his post??? He still posted worthwhile information... it was merged if you read further down.. that's why it was repeated info... The title of his post was originally the title of a thread... sheesh.... this is really sad...
That is a major concern of mine. Good threads get screwed because of that very often. Glad to see I am not alone on that one.
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
, The Art of War
March 24th, 2006, 06:16 AM
I negged him because I don't like him. Had nothing to do with the 'title of his thread' BTW 'Welcome to AO' Ludakot.
and people neg a poster... why... because of the title of his post???
March 25th, 2006, 05:38 AM
This is part of the reason why AO is considered to be a "**** hole" by so many..
Yeah.... ^^ That's the reason AO is becoming a shithole. It's the low quality of members... and of course UNREASONABLE bannings.
I negged him because I don't like him.
March 26th, 2006, 04:46 AM
It's a shithole because of wankers like you. By the way look familiar?
126.96.36.199 Linux Apache/2.0.55 Trustix Secure Linux/Linux mod_ssl/2.0.55 OpenSSL/0.9.7i mod_mono/1.1.13 PHP/5.0.5 mod_python/3.1.4 Python/2.3.5 mod_perl/2.0.0 Perl/v5.8.7
Thats what you think. Proves you don't know ****. Smarter than your assumptions.
It's the low quality of members.