Re: US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability (fwd)

On Wed, Mar 22, 2006 at 10:29:27AM -0800, Kenneth Porter wrote:
> Main alert page: <http://www.kb.cert.org/vuls/id/834865>
> 
> Fedora details: <http://www.kb.cert.org/vuls/id/MIMG-6MPU9N>
> 
> From the summary:
> 
>   A race condition in Sendmail may allow a remote attacker to execute
>   arbitrary code.
> 
> For those of us accepting mail from outside on pre-FC4 Fedora, are any 
> updates in the pipe to address this?

It sounds like this is an issue with some urgency.  FC3 is using
sendmail-8.13.1-2 and a patch sendmail-8.13.1-VU#834865.patch, which
you can find in sendmail-8.13.1-3.RHEL4.3.src.rpm, applies to this
source without any modifications.  Not a very big surprise.  So it
is enough to rebuild a corresponding rpm with this patch and you
should be fine.

How this works for earlier versions I do not know.  There is also
sendmail-8.12.11-4.RHEL3.4.src.rpm in RHEL updates and it should be
possible to "recycle" that patch as well.

   Michal

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
