A buffer overflow in address parsing due to char to int conversion has been discovered in sendmail by Michal Zalewski. For more information on the bug, please see: http://www.cert.org/advisories/CA-2003-12.html http://www.securityfocus.com/archive/1/316773/2003-03-28/2003-04-03/0 As shipped, OpenBSD runs a sendmail that binds only to localhost, making this a localhost-only hole in the default configuration. However, any sendmail configuration that accepts incoming mail may potentially be exploited. It is worth noting that the ProPolice stack protector (http://www.trl.ibm.com/projects/security/ssp/) that will ship with OpenBSD 3.3 would have protected a system from an attacker trying to exploit this bug. The sendmail in OpenBSD-current (and OpenBSD 3.3) has been updated to version 8.12.9 which includes a fix for this problem. The 3.1 and 3.2 -stable branches have had a patch applied that fixes the buffer overflow. However, because the -stable branches have the specific vulnerability patched (as opposed to the full 8.12.9 distribution), sendmail on -stable will report the old sendmail version. Patch for OpenBSD 3.1: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/027_sendmail.patch Patch for OpenBSD 3.2: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/014_sendmail.patch Patches for older versions of sendmail may be found at ftp://ftp.sendmail.org/pub/sendmail/
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.