August 23, 2001

Sendmail local root vulnerability

Author: JT Smith

Posted at "Sendmail is a largely used Mail Transfer Agent (MTA).
Versions between (and including) 8.10.0 and 8.11.5 and some 8.12 beta
versions have a local vulnerability that allows a local attacker to
obtain root privileges.
Cade Cairns from Security Focus discovered an input validation error
in sendmail's debugging functionality. The function that handles the
"-d" command line option uses a signed integer for that value and
uses it as an index to an internal vector. This function does not
check for negative values of this index, which allows a local
attacker to cause a signed integer overflow by supplying large
numbers to this parameter which can be used to write data outside
that vector."
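The bug class the advisory describes, a signed index checked only against its upper bound, is shown below next to a hardened parser. This is an added example, not sendmail's source code; `VEC_SIZE`, `parse_index_flawed`, `parse_index_checked` and `set_debug_level` are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define VEC_SIZE 100   /* hypothetical size of the debug-level vector */

/* Flawed pattern: digits accumulate into a signed int and only the upper
 * bound is checked. The wrap is modelled through uint32_t so this demo
 * avoids undefined behaviour. Returns the index that would be used. */
int32_t parse_index_flawed(const char *s)
{
    uint32_t acc = 0;
    while (*s >= '0' && *s <= '9')
        acc = acc * 10u + (uint32_t)(*s++ - '0');
    int32_t idx = (int32_t)acc;      /* a large input turns negative here */
    if (idx >= VEC_SIZE)             /* upper bound only, no check for < 0 */
        idx = VEC_SIZE - 1;
    return idx;                      /* may be negative: outside the vector */
}

/* Hardened: strtol with overflow detection, then both bounds are checked.
 * Returns 0 and stores the index on success, -1 if the input is rejected. */
int parse_index_checked(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE)   /* no digits, or does not fit a long */
        return -1;
    if (v < 0 || v >= VEC_SIZE)        /* reject anything outside 0..99 */
        return -1;
    *out = (int)v;
    return 0;
}

/* The vector is only ever written through the checked parser. */
int set_debug_level(unsigned char *vec, const char *idx_str, unsigned char level)
{
    int idx;
    if (parse_index_checked(idx_str, &idx) != 0)
        return -1;
    vec[idx] = level;
    return 0;
}
```

The same check applies to any set-uid or otherwise privileged program that turns a command-line number into an array index: validate both bounds before the first write.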

