A critical vulnerability has been identified in Sendmail, which could be exploited by remote attackers or network worms to take complete control of an affected system [...]
Affected Products
Sendmail version 8.13.5 and prior
Sendmail version 8.12.11 and prior
Sendmail Sentrion versions 1.1
Sendmail Switch versions 2.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Switch versions 3.0.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Switch versions 3.1.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Managed MTA versions 2.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Managed MTA versions 3.0.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Managed MTA versions 3.1.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Multi-Switch versions 2.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Multi-Switch versions 3.0.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Multi-Switch versions 3.1.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Message Store/SAMS versions 1.2.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Message Store/SAMS versions 2.0.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Message Store/SAMS versions 2.1.x (Solaris, Linux, AIX, and HP-UX)
Sendmail Message Store/SAMS versions 2.2.x (Solaris, Linux, AIX, and HP-UX)
Intelligent Quarantine version 3.0 (Solaris or Linux)
Credits
Vulnerability reported by Mark Dowd
ChangeLog
2006-03-22 : Initial release
2006-03-23 : Updated Advisory
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
