• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability

References:

• [ BULLETIN ] Potential Vulnerability in Sendmail 8.12 - VU#834865 (Nortel Networks)
  
• 001: SECURITY FIX: March 25, 2006 (OpenBSD)
  
• ASA-2006-074 - sendmail security update (RHSA-2006-0264 & RHSA-2006-0265) (Avaya)
  
• ASA-2006-078 - Sun Alert Notifications from Sun Weekly Report dated Mar 25, 2006 (Avaya)
  
• Corrective Service Security FIX - MH00688 (PTF) (IBM)
  
• Cumulative history and Readme for use with HMC V5 R2 and V5 R2.1 (IBM)
  
• exploiting_sendmail (rapturesecurity.org)
  
• F-Secure Security Bulletin FSC-2006-2 (F-Secure)
  
• HPSBTU02116 SSRT061135 rev.1 - HP Tru64 UNIX and HP Internet Express for Tru64 U (HP)
  
• RHSA-2006:0264-8 - sendmail security update (RedHat)
  
• RHSA-2006:0265-9 - sendmail security update (RedHat)
  
• Sendmail 8.13.6 (Sendmail Consortium)
  
• Sendmail Homepage (Sendmail Consortium)
  
• Sendmail MTA Security Vulnerability (Sendmail)
  
• Sendmail Remote Signal Handling Vulnerability (Internet Security Systems)
  
• Sun Alert ID: 102262 (Sun)
  
• Sun Alert ID: 102324 (Sun)
  
• Technical Cyber Security Alert TA06-081A - Sendmail Race Condition Vulnerability (US-CERT)
  
• Vulnerability Note VU#834865 - Sendmail contains a race condition (US-CERT)