Author: JT Smith
Posted at LinuxSecurity.com: “Sendmail contains an input validation error which may lead to the
execution of arbitrary code with elevated privileges by local users.
Due to the improper use of signed integers in code responsible for the
processing of debugging arguments, a local user may be able to supply
the signed integer equivalent of a negative value supplied to
sendmail’s “trace vector”. This may allow a local user to write data
anywhere within a certain range of locations in process memory.
Because the ‘-d’ command-line switch is processed before the program
drops its elevated privileges, the attacker may be able to cause
arbitrary code to be executed with root privileges.”
execution of arbitrary code with elevated privileges by local users.
Due to the improper use of signed integers in code responsible for the
processing of debugging arguments, a local user may be able to supply
the signed integer equivalent of a negative value supplied to
sendmail’s “trace vector”. This may allow a local user to write data
anywhere within a certain range of locations in process memory.
Because the ‘-d’ command-line switch is processed before the program
drops its elevated privileges, the attacker may be able to cause
arbitrary code to be executed with root privileges.”
Category:
- Linux
