Buffer Overflow in Sendmail
ChiefArcher writes "On the footsteps of OpenSSH, Sendmail 8.12.10 has just been released due to a buffer overflow in address parsing. Sendmail states this is potentially remotely exploitable. No updates on the Sendmail site yet, but the FTP site has the release notes."
Geez, am I suddenly running MS-Linux? What's up?
Anyway, updates thoughtfully provided and hosted, à la yesterday, god damn it. PATCH! NOW! Unless you think "arbitrary code execution" is a feature. And NO, I'm not talking about ActiveX.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
A buffer overflow in sendmail? Who woulda thought it?
http://xkcd.com/386/
The first thing I do when I install a Linux distro is wipe out sendmail. Running it is simply asking to be broken into. It is old, full of holes, and far past its prime. Why people still run it, I do not know...but it's probably for the same reason they still run BIND.
The alternatives I prefer to these veritable blocks of Swiss cheese are qmail and djbdns (tinydns).
-R