Bug 148843 - Vulnerability in Sendmail Prescan bug and more
Summary: Vulnerability in Sendmail Prescan bug and more
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: sendmail
Version: 2.1
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-16 04:10 UTC by Need Real Name
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-02-16 13:21:04 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2005-02-16 04:10:09 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
Andrew Wilshire from New Zealand reports that a vulnerability scan
performed by an external security vendor has shown that this version
of sendmail is vulnerable to Prescan and Header processing bugs.

No updates available for sendmail on ES2.1.

Can you confirm ?

Version-Release number of selected component (if applicable):
sendmail-8.11.6-28.72

How reproducible:
Always

Steps to Reproduce:
1. Sendmail scan
2.
3.
    

Actual Results:  Vulnerability exist

Expected Results:  No vulnerability.

Additional info:

Comment 1 Mark J. Cox 2005-02-16 13:20:41 UTC
External security vendor has made a mistake; backported patches for
these issues exist in that version of sendmail.  See for example:

https://rhn.redhat.com/errata/RHSA-2003-284.html


Note You need to log in before you can comment on or make changes to this bug.