Sendmail vuln
Update: The best writeup that we've found for this is http://xforce.iss.net/xforce/alerts/id/216. Also, Sun has has released a bulletin here, but they claim that Solaris 8 is unaffected (currently that platform is running sendmail 8.11.7). From reading the other advisories, I believe that this information may be incorrect and the Solaris 8 may be affected since the vulnerability applies to all versions prior to 8.13.6. --Jim Clausing
Update 2: 2006-03-24 19:21 UTC - Sun has updated the advisory and will be providing patches for Solaris 8 as well. Thank you, Sun. --JAC
Sendmail has released an advisory related to a vulnerability in all versions of sendmail 8 previous to 8.13.6 of this popular MTA. The advisory includes the commercial versions of products using sendmail.
http://www.sendmail.com/company/advisory/
and it has CVE entry CVE-2006-0058
Impact: the attacker could run arbitrary commands.
Mitigation: upgrade to 8.13.6, apply the patch, or setting the RunAsUser option in the configuration file.
This one looks bad.
Sendmail.org
Secunia
Update: as more information becomes available this is starting to look worse.
Patch or upgrade NOW!
Cheers,
Adrien
Update 2: 2006-03-24 19:21 UTC - Sun has updated the advisory and will be providing patches for Solaris 8 as well. Thank you, Sun. --JAC
Sendmail has released an advisory related to a vulnerability in all versions of sendmail 8 previous to 8.13.6 of this popular MTA. The advisory includes the commercial versions of products using sendmail.
http://www.sendmail.com/company/advisory/
and it has CVE entry CVE-2006-0058
Impact: the attacker could run arbitrary commands.
Mitigation: upgrade to 8.13.6, apply the patch, or setting the RunAsUser option in the configuration file.
This one looks bad.
Sendmail.org
Secunia
Update: as more information becomes available this is starting to look worse.
Patch or upgrade NOW!
Cheers,
Adrien
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments