Sendmail race condition issue
CERT has reported a race condition issue in sendmail which may lead to arbitrary remote code execution. CERT has assigned this issue the name VU#834865.
Attachment 125842 is the proposed patch from CERT. To quote CERT regarding this patch: "A patch to correct this issue in sendmail versions 8.13 is provided below. The patch also eliminates potential integer overflows in how sendmail handles message headers. This patch was prepared manually by Sendmail and in our experience will generate warnings about offsets. We've discussed this with Sendmail and believe it to be harmless. Aside from that, CERT/CC has not verified this patch, what issues are corrected, and how those issues are corrected."
This issue is now public: http://www.sendmail.org/8.13.6.html
This also affects FC5....
sendmail-8.13.6-0.FC4.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
So what about FC5?
FC5 is being fixed by sendmail-8.13.6-0.FC5.1
FEDORA-2006-193
The FC5 update has been pushed; it should appear on mirrors shortly.
Thanks.