GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Mar 22, 2006 8:26 pm Post subject: [ GLSA 200603-21 ] Sendmail: Race condition in the handling
Gentoo Linux Security Advisory
Title: Sendmail: Race condition in the handling of asynchronous signals (GLSA 200603-21)
Severity: high
Exploitable: remote
Date: March 22, 2006
Bug(s): #125623
ID: 200603-21
Synopsis
Sendmail is vulnerable to a race condition which could lead to the
execution of arbitrary code with sendmail privileges.
Background
Sendmail is a popular mail transfer agent (MTA).
Affected Packages
Package: mail-mta/sendmail
Vulnerable: < 8.13.6
Unaffected: >= 8.13.6
Architectures: All supported architectures
Description
ISS discovered that Sendmail is vulnerable to a race condition in
the handling of asynchronous signals.
Impact
An attacker could exploit this via certain crafted timing
conditions.
Workaround
There is no known workaround at this time.
Resolution
All Sendmail users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"
References
CVE-2006-0058
Sendmail Inc. advisory
Last edited by GLSA on Tue Jun 15, 2010 4:22 am; edited 5 times in total
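Added example (not part of the advisory or of Gentoo's tooling): a POSIX shell check that classifies installed mail-mta/sendmail versions against the advisory's ranges by reading Portage's installed-package database under /var/db/pkg. The function names, and the choice to report versions with non-numeric suffixes as "unknown", are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify mail-mta/sendmail versions against GLSA 200603-21
# (vulnerable: < 8.13.6, unaffected: >= 8.13.6).

FIXED="8.13.6"   # first unaffected version, taken from the advisory

# sendmail_status VERSION -> prints vulnerable | unaffected | unknown
sendmail_status() {
    v=${1%-r[0-9]*}          # drop a Gentoo revision suffix such as -r1
    case $v in
        # Anything that is not plain dotted digits (for example _rc or _p
        # suffixes) is not compared here and should be checked by hand.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return ;;
    esac
    a=$v b=$FIXED
    # Compare component by component, numerically; missing components count as 0.
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0} y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo vulnerable; return; fi
        if [ "$x" -gt "$y" ]; then echo unaffected; return; fi
    done
    echo unaffected          # exactly the fixed version
}

# audit_pkgdb [DIR]: print "<version> <status>" for every sendmail version
# recorded in a Portage installed-package database (default /var/db/pkg).
audit_pkgdb() {
    for d in "${1:-/var/db/pkg}"/mail-mta/sendmail-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/sendmail-}
        echo "$ver $(sendmail_status "$ver")"
    done
}

# Prints nothing when no sendmail package is recorded on this host.
audit_pkgdb
```

A line ending in "vulnerable" means the Resolution step above still has to be run on that host.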