The Sourcefire VRT has learned of vulnerabilities affecting hosts using Sendmail and has identified additional attack vectors for
vulnerabilities affecting Microsoft HTML Help Workshop.
A race condition exists in versions of Sendmail, this vulnerability may
allow a remote attacker to execute code of their choosing on an
affected server. A programming error in the way that Sendmail handles
asynchronous signals may allow an attacker to overflow a fixed length
buffer by supplying a large amount of data in an email header.
A rule to detect attacks targeting this vulnerability is included in
this update and is identified as sid 5739.
HTML Help Workshop fails to properly validate file contents before
reading and putting information into a fixed length buffer. A malicious
file may contain information that could overflow the buffer and execute
code on the affected system.
Rules to detect attacks targeting this vulnerability are included in
this update and are identified as sids 5740 and 5741.
A detailed advisory as well as a complete list of modified and deleted
rules is available at
These rules will be available to subscribers only until Monday, April
3, 2006. Subscribers can download the rules at