From owner-freebsd-security Mon Mar 3 9:43:33 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5517437B405 for ; Mon, 3 Mar 2003 09:43:31 -0800 (PST) Received: from meitner.wh.uni-dortmund.de (meitner.wh.Uni-Dortmund.DE [129.217.129.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id E59A043FA3 for ; Mon, 3 Mar 2003 09:43:28 -0800 (PST) (envelope-from michaelnottebrock@gmx.net) Received: from lofi.dyndns.org ([10.3.12.105]) by meitner.wh.uni-dortmund.de (8.10.2/8.10.2/SuSE Linux 8.10.0-0.3) with ESMTP id h23HhRc30067 for ; Mon, 3 Mar 2003 18:43:27 +0100 X-Authentication-Warning: meitner.wh.uni-dortmund.de: Host [10.3.12.105] claimed to be lofi.dyndns.org Received: from kiste.my.domain (kiste.my.domain [192.168.8.4]) (authenticated bits=0) by lofi.dyndns.org (8.12.6/8.12.6) with ESMTP id h23HhQRP045325 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Mon, 3 Mar 2003 18:43:26 +0100 (CET) (envelope-from michaelnottebrock@gmx.net) From: Michael Nottebrock To: freebsd-security@freebsd.org Subject: sendmail vulnerability? Date: Mon, 3 Mar 2003 18:43:20 +0100 User-Agent: KMail/1.5 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_9Q5Y+RJJQd2qSuc"; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200303031843.25553.michaelnottebrock@gmx.net> X-Virus-Scanned: by amavisd-new Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Boundary-02=_9Q5Y+RJJQd2qSuc Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Description: signed data Content-Disposition: inline https://rhn.redhat.com/errata/RHSA-2003-073.html Excerpt: "During a code audit of Sendmail by ISS, a critical vulnerability was uncovered that affects unpatched versions of Sendmail prior to version 8.12.8. A remote attacker can send a carefully crafted email message which, when processed by sendmail, causes arbitrary code to be executed as root." Is FreeBSD's sendmail affected? =2D-=20 Regards, Michael Nottebrock --Boundary-02=_9Q5Y+RJJQd2qSuc Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQA+Y5Q9Xhc68WspdLARAr3hAJ0WrfDJSoNXmq7epZklyr4Wu53rtQCfZsY5 rB7wcfBvutekf0Z3EEqwQwM= =b/jB -----END PGP SIGNATURE----- --Boundary-02=_9Q5Y+RJJQd2qSuc-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message