Bug 148843 - Vulnerability in Sendmail Prescan bug and more
Vulnerability in Sendmail Prescan bug and more
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: sendmail (Show other bugs)
2.1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-15 23:10 EST by Need Real Name
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-16 08:21:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2005-02-15 23:10:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
Andrew Wilshire from New Zealand reports that a vulnerability scan
performed by an external security vendor has shown that this version
of sendmail is vulnerable to Prescan and Header processing bugs.

No updates available for sendmail on ES2.1.

Can you confirm ?

Version-Release number of selected component (if applicable):
sendmail-8.11.6-28.72

How reproducible:
Always

Steps to Reproduce:
1. Sendmail scan
2.
3.
    

Actual Results:  Vulnerability exist

Expected Results:  No vulnerability.

Additional info:
Comment 1 Mark J. Cox (Product Security) 2005-02-16 08:20:41 EST
External security vendor has made a mistake; backported patches for
these issues exist in that version of sendmail.  See for example:

https://rhn.redhat.com/errata/RHSA-2003-284.html

Note You need to log in before you can comment on or make changes to this bug.