OSVDB ID: 24037

Title: Sendmail Signal Handler Race Condition Remote Overflow

Dates

Disclosure: Mar 22, 2006
Discovery: Unknown
Exploit: Mar 22, 2006
Solution: Unknown

Description

Sendmail contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the sm_syslog() function, which allows an attacker to pass crafted data to the setjmp(3) and longjmp(3) functions, causing memory corruption. This can be used to remotely execute arbitrary code without authentication.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 8.13.6 or higher, as it has been reported to fix this vulnerability. In addition, Sendmail has released a patch for some older versions.

Products

Sendmail, Inc.

Sendmail

8.13

References

Credit

  • Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs


Direct URL: http://osvdb.org/24037