buffer overflow in sendmail

A buffer overflow in sendmail's address parsing routines has been found by Michal Zalewski. The bug appears to be remotely exploitable on Linux and while it will be more difficult to exploit on OpenBSD it still looks to be possible.

The bug has been fixed in OpenBSD-current, OpenBSD 3.4 as well as the 3.2 and 3.3 -stable branches. Additionally, the current 3.4 snapshots also contain the fix. Patches are now available for OpenBSD 3.2 and 3.3

Patch for OpenBSD 3.2:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch

Patch for OpenBSD 3.3:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch

Note that this is the second revision of the patch that includes an unrelated (and less critical) fix from Sendmail 8.12.10. That fix is not included in OpenBSD 3.4 or the 3.4 snapshots as it can only be triggered by non-standard rulesets.

For more information, please see Michal's advisory:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

    http://www.securityfocus.com/archive/1/337839/2003-09-14/2003-09-20/0

The release notes for Sendmail 8.12.10 also include related information:

    http://www.sendmail.org/8.12.10.html Received on Wed Sep 17 14:17:29 2003