Application Development - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Application Development


New Vulnerability in Sendmail Revealed, Patch Available



 By: Larry Seltzer
2003-03-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Application Development story.


Rate This Article:
Poor Best
Version 8.12.9 fixes one major, several minor problems. Released earlier than planned due to premature revelation of buffer overflow.

The Sendmail Consortium has released version 8.12.9 of the Sendmail Mail Transfer Agent (SMTP server) after a serious vulnerability having to do with the parsing of addresses was prematurely revealed by a third party.

Resource Library:
As explained on the Sendmail site, the address parsing problem was a buffer overflow with potentially serious consequences. The advisory does not specifically recommend that administrators install the patches, but the use of the term critical security flaw is suggestive.





  Reader Comments: New Vulnerability in Sendmail Revealed, Patch Available
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Application Development Articles          >>> More By Larry Seltzer
 


x}kSH!bCнYv6`ᐥA 8_N?qͬ*6=93ReUfefeeee@λ$i9cr3ݩkj΢.? ![f8TEK ]ߤ~Am;t =4mzNHB}@~cfwK`OS;S uɄZIXQߕ>}~qlv .hvLIlߎPk$ȁ_Mܦ%HCxGu)tC(DHږyDm:^N(W*G 0tTǖþ=a}%S5EhDԤ#|/0ɀYǝFz.Qu^V m׸ڮb'Uƞͨ*{ /B1r!f-{4_M*- Dƞ4HC d!̒JK^`:tm3k> NRY ZSˆ辥{$)5< \g4QL1H6}~8IZ QM%$7 .mqS`?Ķh¹p\.* }= :ԍ۱|$ .j.s&"U-wS&>dRr-2^ʲnMw3a[mѡlطGZ.h5E9*U+^T/[,\hF}޹RQ5MQ.z ? n0uh;\Cry]J Eess^_wU%`ZJG4_::fN{_ x'n9?(ivdڑf1{Pd!XI#/YTU9@f9-Ҿ췯;6OΎ;Sd?ecfy3ժ?T2ؕgxg4X:nN[77VGNפ9i3鐚&tXaV|_kUV1?!aj; dPp9L+pZ| ?'/Wm2 է )H|S:VEqֿ8'} ,-)TtܿG)L,Y`MIp6M2Tc]NjoNP_ ZPĿ"G//;SjZi};Ni$|NI}ѦMޣ8BݘXI70iN{ݧn]=&tfo/*Abχ& ahMi F#m &>vl 8d $(s>w[L,)0( JC=ˋF0P6 = 2/?>aCnH }P(Vr`{)qmNl}h`1 >5g%N\IQ?z[ dSJJds 4.gH)AH =[h ]99 $AvGBjy?mlry swrvn23,BV-KїPf%i2klƪń(VFN1|(0VRx5Vn,`o+GvP#&G#˰` 3G }= 3̲M҄%LlQt0OiH\UɲE0sǾ{,7,kQ2Gl/L+fN(A\_.Ƈ5œL;nlQr`8 0:|Ch2i{MYguϳ-jrǸ%q9an5ډIVBO7cnS^7&++\=PӔ*T218 FLyG ('wJFJV !zh'>eg Hu{o%,j?Jյ݋pz1(ۥa]hk%\?!d[0^Ԣ(/Q|u$"!lsiŰ,B /0|:Cb&^fthQs&u|pö_&TY9f0>2ei[FjeMѪ$٬ X;l d A qFIjJg[lx uꟸCߵ |#7=dqu3$TN )e!\o ZJoX*,qRhjMMmbf(0q 0b=Iߟ{8]W=z,K+i{yaؕ.R\|znN >0zT'@pd`0R=:uouj)ՃY L5 +e iڏ9&_Gƅ Kd*m0ܑk}>eD6'ΜD(MCZ&3 O΁6uT8_-O#BU&DeqӠ8TQƮFA? %hPcfJf-`\.cJrEmxܭSRJ)3LZޙ(@yL2"tn\1$6/Pk .a@C%)& SVbpEBk ZC疪bd&ܔwц.[XR]OqPeУGjq~ᇆ9,#߬0hh<]HjZT&'VQrh_V8Qg7 #UQ@X5Ɂ;7Sc`9{r07`3|x+}|`䓇 ,p |/"yb ėPӕ~i?!} leA{ k ?+[+^>F+ E{h0 qDNuiBE[$ho YZDuUiA -@2sxP< Q`9 N=ߨk 05-O]Uʾ_ٳN_Cg)jf#QL `! 9v}W(,PjOLg5e3ViV))]%f2АjwVh\,_P,2ϼ"u}&2É"9E]ۏ6WVR=>` Tikhƽ b/^ilLabDh "~i_ 1F)W>|6Œ3+l3gSfuq5fP=zǰ:yr"w>UsԳбtNs|oQY,wJA֮N[(7ϰ4S2(E=4!Ӆr 3eE#uya39aؠGsHoR1 0 ZH;}ce(5uRV*X\5 VN 3FYˡYF 3_S~JS->GIպi2RZVRj<*J9MLtM J lKqZCKkL9 -2j=sP9( Kd%3E8@XP9ɷ06njKSXr|MΠ[PHe, ,"zr#)=2 xT&#w111u?|{qiwozՔݷGP$/I4\C2:;Abdzg]ItM?;$%Şv/isϱ0qsѹnt/ 39kw>{=kq m4 }U\8$#.[REø@o9P K1#E1>dt+]=^5[aFۧ(JF@iD*~{!\4?t.ŗlOk~순w.R ~Jz0W䈠]jw>\Dd0srn^G6b `xѤ"bԃcxH/ !B@ ˸t[k,XKs!}=#٠bGkhNئ;+*ؿ+[Z\f·ńB10jNx@ (G@RPOh[#ZyK|83Ğw}-g!:Ua2"(BS.iDO§,>^79S9j6}AFߔ(ί([w?KJ}J_cNoͲxD+%BY3gIg=#$$y 9/wbdBn1x-6ܾN9$4sJd":%;)~ڰOl6V"9G,X-Y+ʦ#/i\A1;'h",G7Dx <3J[L>CT䵴f[YUHO~,j#s81 t H tD=(oY7۸{.zʜ(=}!GzE>sF.Zٽuڻoue'3 CݿNvI]iNw7UzyJ~Vj't:D(jE[e{wC9_U $]doNeVt0&n_%3ٌ<яki^d̠t4s {!.`0.^ ǚu?2ie~W=z i}E)]K5"vW TO&E:%:m֗Fݽ]޿vV5BĬxBwG)3NAH@^jЀN-Gۺ0d]d$0@s]5@Q;s}7uȇN8k阀\D;]qvijjh'O.j`;&\: .N¢ ^| r\W&b <vcKf5sNH)a(=Ac*Zٔ/nRBsXز[ZN]s$›؏vb12O#ɲ{nT5I$)SU^\cNu^/IrtVhDƅuim`[؊*Rb2~C h}JX``2'Qe*VSk=ˊf-nي/oBg40liMN@vUw }jkP\Oc]ɖZg'];3c52pE\N1Ɨ{rc6MS˜'浥J-ݑI1^Q(/a'8{gۮ)> +cxѱq>ɒʒJZҾ?~ED{1b5^ *3_s&ҍHscR]hϢdS1 sUa\=VqjDo8>/*mЕzgolxI] 阉(Ȃ6,wH0ĵCr$EbPAS;+OHZq ƧhOml^ZKD7G210_|Mzx ԁ˲ ] s;R_%SIo몺jښa[9]t`/$ aA;DCY3k_l/kC>}yˇӎt޼@LTm[Gӻ8"@"$rPTE)[>qܓ(akؐC^̗s$J|s׸cxIkTu$=ט1 C@"H .Az=Vi)dh<҆\N3ZRYz@Ι/xpq>5IVUtK`!MZh!i!Sey=%ű$][- AlLxHmƒ !g ])MޞyznF1s'G׷y>yg\? A@$DҀb`kJ${aزEAZ.VȞaݖÝbA黦>_Û:$!aR, ivn{cҢ#V(\/0Bj_[z`WXW"t'"/`z̘ b\aq qt `Gلh) _"5M6ԝS@"=ke7{uG\ 9TA +V4ק ^ZOƳA|oFLGXIK=:uRJ.5e=GA5«;jD+*]A3C_] Y>gnշ;zRl1%X uG#hq#\,+27MG^п qb<[뽈GGde }Dz5`j9V7F]#jX6_ȅ 98L\O?D%RDC/|ŕ{[dp=s1!v^B/I, l߼O#۩,TR oi[o6௶auz^'}`+Z~mĬө{G+eY3Zn}-RgGg[]܃y{YKj:&oDJD:`ѿ%E?┉fae? %3]N5TO0q"K)z^&]ݽ]s|Ns-E yKH>W-IE fG Wjd=I_E [ -r= T?^<=G 'Y@ aNE7M_'͆xq{Q#D"PR|HU9 &  gx#-o>A5Rhs̴5̈Gbo=!Kk&t];xb]<u3 Y<57SYz3xb(^4s˞x!ƄC[TSvXśK]2E@#Z£ 4,\ #BπTa ̓di]Rֽu(/9 .ؕ՚Tھ fOPVT99?O}cHX\k|z`g`Edcu #~V`}{Na<=ϙt堼rO}TK[\JH`o2o)ߤN|rP[}1W-veqMC/Ԯ}j15 `᷍ \̉R&Hۡ$Z[.gн<#F }Fsg{1~": S\YrVfgh Yqc[VjJYb0 ":;Kf:ǰzݱ=#cIy԰txG*F¯R/~%rUq{Vak`Ӆ'^=|ɈVs%,.>M_cB~c-c |)oO L5! H!YYv' ?]OpY}XC3 L^\}­RA)oR[%*0;"]nS c:&:E* $N t7%eRSEڱTs ?< Pm̼ϴDGRSX}o Tcb2zZ׀g"ܐU"a=X *>nde2GjLlG:nٱf\oz~}C{ };C}m!Ln}T:;QGAh.at{~ 'lI=0W)^  [zqeL\ cC~!M}ScP9$#MYr Qo|)J ^!;9'pp\pr@KJ+2&Bs8A_{=&n[ք aNJatamDRRiFct߰Þ1;mz^EJl/u cZ|E"{X#&3)-;9P_AGW :]N*@`g*?-G,(ϩpk|a/xa 3 s`EP.\LM\XIqw'+W!&m6Z=[]:ovNի'P=:Y؅C)s!aZ;:_|LR ] 4Bq0h𠔴W*vtE 1ºޛXF #}AaP8Z  +z+5'I]S@)9#{˪<nV?w-4W PRx  V #v(CT(#&a'ɵ?ѝXF 9^&9nIqst/x4 Zѷh+lԭsm}9^}9\;Ba&hL߲s}e)|Q)X7KGYFyfvʌPN:cͅf1.ys8,tG_0}4e8q'Q?B)f}Y Q㗾9 [mBfu|j%om8Ggg:- UN{0.8SL^}'vԼVxyxS? _C&pj3 ݜrР)?@|OPi}Y8/ N+g:9NN? /Pe}9?ρiȃȡ">E9yyß(9_~9gP~S7([N_^%e\]_O7GtAtsU\A?9{9^}~X_ S}y>>oʁorڿi&s$CP̑.Ny甗 ~)W@_կ<4sYE~vïX^йR*4ˑ Kҿw2~62A\t[u CFWz^S_x;Iլ 6 Ȧc 4rk 7[y@YII{2}tEOi>r𞫫i@Lwe<-cENZ9.~QFxdB$dZc+mFDtLQUb> #r75i jŭxg?9/ydֺ+_F+p'k͠6K(WL1y}2oفOh] /+6:7q3[ Èàs H?x #|@//gu>؃Я Ҿl3K쓭ú>a=^*gB8D#W@jer Er!<螩z$J# =nqgnu-7J}MW[TJ f{D8jUUEVjrp` VQUrF(xeh[v2joVS' yV8n[zQ?"z5>[xcz 5UXmBRH6T<gu~o'2@?o 7Xi, v2W!+CI^f|1@ԺdFRL߰m7g@oJ`Xk4Dyu#Dw5g3Σ̯Mڞ3w@5i;ݙ)a,<BB¹|8=;ztF"4 ]3CK5 D =bj&gj%xo3B{PSr(pIeh)ge&'?Ihbv]!6 R Ň%?13{`Av= p590Dѽ9V,|vr.iG&lE[0FK`+94Ǟ"(πħ%>f:2Ş_ =6}`oPn2!%؉GCuhJ .\~W,){+z#cE Vj vME\kτwspj&}#ϘmcTF\|gȌQ)xރw Qf7k km"x*A߮ed#W B㑸| ,* )_HQ0^R lsmq퀗5{ۭtߘHmgX|@ărR{Dt.sE:,sDŻ7LU"zʴtDqKNޒۍƾ8 ;>>=qb<#归u\*4jRJҍHIh/>~ElC~#Og ϿaHO)t&I`Q' 1|j;;1Te]XQYɶy S~n^O(#oݒ珸6x}ư҄ ]@1SpY ѫv>cx 'L}.xu A]?_vs[>/৲_%i#$W @ =(ۊnfTU^{ QAbfB#q삢U.nDfgajn,eH}+qd.GDI IZ']ZD!hXrE"O q~ mf fE1[Rj8gɄn~ӧf<˜4W6IĶqytc~ږ10#Ÿrzsbb#"aF!%׫rulP/yc|[w00jPLP>9-z0~ L\KkÐüpa#fS {߂ Tj}XXC`*F"Z*bJ؉ZIpR!#79=Ih>e3C7Dn0Br d[\Oօuv\j/cY4~1<99.@OI"c؛bg_yRϸȅ^`\YBCX]弽t'Nꇿe_:m^tοJ{`ggɳFk;zvQK=hy6xL guUhT;IxdM_l+:cSEᘸe=9PkyQ'b(56lS24K_hjvc})MCS9U/k +q>lgLp -ϱ=RZ`'l/Z6v? N