Sendmail has released an advisory related to a vulnerability in
all versions of sendmail 8 previous to 8.13.6 of this popular MTA.
The advisory includes the commercial versions of products using sendmail.
and it has CVE entry CVE-2006-0058
Impact: the attacker could run arbitrary commands.
Mitigation: upgrade to 8.13.6, apply the patch, or setting the RunAsUser option in the configuration file.
This one looks bad.
Update: as more information becomes available this is starting too look worse.
Patch or upgrade NOW!
Adrien de Beaupre
Mar 22nd 2006
1 decade ago