Joined: 12 May 2004
|Posted: Wed Mar 22, 2006 8:26 pm Post subject: [ GLSA 200603-21 ] Sendmail: Race condition in the handling
|Gentoo Linux Security Advisory
Title: Sendmail: Race condition in the handling of asynchronous signals (GLSA 200603-21)
Date: March 22, 2006
Sendmail is vulnerable to a race condition which could lead to the
execution of arbitrary code with sendmail privileges.
Sendmail is a popular mail transfer agent (MTA).
Vulnerable: < 8.13.6
Unaffected: >= 8.13.6
Architectures: All supported architectures
ISS discovered that Sendmail is vulnerable to a race condition in
the handling of asynchronous signals.
An attacker could exploit this via certain crafted timing
There is no known workaround at this time.
All Sendmail users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"
Sendmail Inc. advisory
Last edited by GLSA on Tue Jun 15, 2010 4:22 am; edited 5 times in total