Sendmail Update for Cobalt RaQ
Posted on: 09/18/2003 06:47 PM

Solarspeed has released sendmail packages for the Cobalt RaQ server appliances

Another vulnerability in Sendmail was announced today which could lead to a root exploit. These patches fix all three recent vulnerabilities which were found in Sendmail:

a.) A "Remote Header Processing Vulnerability" in Sendmail. Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. The full details of this vulnerability are outlined in ISS X-Force's Advisory. This was fixed with Sun Cobalt Patch 16402 and 16429.

b.) Michal Zalewski found a vulnerability in Sendmail versions 8.12.8 and prior which could possibly lead to a remote root exploit. The findings are outline here. This was fixed with Sun Cobalt Patch 16429.

c.) NEW: Michal Zalewski found a vulnerability in Sendmail versions 8.12.9 and prior, which could possibly lead to a remote root exploit. The findings are outline here.

The PKGs above were built with the patches which the Sendmail consortium released to address this issue (patch a / patch b / patch c).

Read more


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/sendmail_update_for_cobalt_raq.html)