Claus Assmann <[EMAIL PROTECTED]> writes: > We apologize for releasing this information today (2003-03-29) but > we were forced to do so by an e-mail on a public mailing list (that > has been sent by an irresponsible individual) which contains > information about the security flaw. [...] > SECURITY: Fix a buffer overflow in address parsing due to > a char to int conversion problem which is potentially > remotely exploitable. Problem found by Michal Zalewski. > Note: an MTA that is not patched might be vulnerable to > data that it receives from untrusted sources, which > includes DNS.
Since this was publically disclosed before a patch was available, I'm sure a lot of people would be interested in knowing whether attempts to exploit this are detectable in the syslog in sendmail's default configuration. -- Dan Harkless [EMAIL PROTECTED] http://harkless.org/dan/
