Author: JT Smith
Posted at LWN.net: “Sendmail is a largely used Mail Transfer Agent (MTA).
Versions between (and including) 8.10.0 and 8.11.5 and some 8.12 beta
versions have a local vulnerability that allows a local attacker to
obtain root privileges.
Cade Cairns from Security Focus discovered an input validation error
in sendmail’s debugging functionality. The function that handles the
“-d” command line option uses a signed integer for that value and
uses it as an index to an internal vector. This function does not
check for negative values of this index, which allows a local
attacker to cause a signed integer overflow by supplying large
numbers to this parameter which can be used to write data outside
that vector.”
Versions between (and including) 8.10.0 and 8.11.5 and some 8.12 beta
versions have a local vulnerability that allows a local attacker to
obtain root privileges.
Cade Cairns from Security Focus discovered an input validation error
in sendmail’s debugging functionality. The function that handles the
“-d” command line option uses a signed integer for that value and
uses it as an index to an internal vector. This function does not
check for negative values of this index, which allows a local
attacker to cause a signed integer overflow by supplying large
numbers to this parameter which can be used to write data outside
that vector.”
Category:
- Linux
