Nessus Plugin #15094
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA257] DSA-257-1 sendmail
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-257-1 sendmail
- Version:
- $Revision: 1.4 $
- Cve_id:
- CVE-2002-1337
- Bugtraq_id:
- -
- Xrefs:
- DSA:257, CERT:398025
- Description:
Mark Dowd of ISS X-Force found a bug in the header parsing routines
of sendmail: it could overflow a buffer overflow when encountering
addresses with very long comments. Since sendmail also parses headers
when forwarding emails this vulnerability can hit mail-servers which do
not deliver the email as well.
This has been fixed in upstream release 8.12.8, version 8.12.3-5 of
the package for Debian GNU/Linux 3.0/woody and version 8.9.3-25 of the
package for Debian GNU/Linux 2.2/potato.
DSA-257-2: Updated sendmail-wide packages are available in package
version 8.9.3+3.2W-24 for Debian 2.2 (potato) and
version 8.12.3+3.5Wbeta-5.2 for Debian 3.0 (woody).
Solution : http://www.debian.org/security/2003/dsa-257
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.