From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Description of problem: Andrew Wilshire from New Zealand reports that a vulnerability scan performed by an external security vendor has shown that this version of sendmail is vulnerable to Prescan and Header processing bugs. No updates available for sendmail on ES2.1. Can you confirm ? Version-Release number of selected component (if applicable): sendmail-8.11.6-28.72 How reproducible: Always Steps to Reproduce: 1. Sendmail scan 2. 3. Actual Results: Vulnerability exist Expected Results: No vulnerability. Additional info:
External security vendor has made a mistake; backported patches for these issues exist in that version of sendmail. See for example: https://rhn.redhat.com/errata/RHSA-2003-284.html