Sendmail Debugger Arbitrary Code Execution Vulnerability

Solution:
Below is a statement from the Sendmail Consortium regarding this issue:

--------------------
This vulnerability, present in sendmail open source versions between 8.11.0 and 8.11.5, has been corrected in 8.11.6. sendmail 8.12.0.Beta users should upgrade to 8.12.0.Beta19. The problem was not present in 8.10 or earlier versions. However, as always, we recommend using the latest version. Note that this problem is not remotely exploitable. Additionally, sendmail 8.12 will no longer use a set-user-id root binary by default.
--------------------

Apple OS X 10.1.5 is no longer vulnerable to this issue. Users should upgrade with the Software Update feature, or visit Apple's Software Downloads web page: http://www.info.apple.com/support/downloads.html

Updated packages that rectify this issue are available from various vendors:


HP hplx-sendmail 1.0 -1

Sendmail Consortium Sendmail 8.11

Sendmail Consortium Sendmail 8.11.1

Sendmail Consortium Sendmail 8.11.2

Sendmail Consortium Sendmail 8.11.3

Sendmail Consortium Sendmail 8.11.4

Sendmail Consortium Sendmail 8.11.5

Sendmail Consortium Sendmail 8.12 beta10

Sendmail Consortium Sendmail 8.12 beta5

Sendmail Consortium Sendmail 8.12 beta16

Sendmail Consortium Sendmail 8.12 beta7

Sendmail Consortium Sendmail 8.12 beta12


 

Copyright 2010, SecurityFocus