1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200512-05 / xmail |
| Release Date | December 14, 2005 |
| Latest Revision | December 14, 2005: 01 |
| Impact | high |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| mail-mta/xmail | < 1.22 | >= 1.22 | All supported architectures |
Related bugreports: #109381
The sendmail program in Xmail is vulnerable to a buffer overflow, potentially resulting in local privilege escalation.
Xmail is an Internet and intranet mail server.
iDEFENSE reported that the AddressFromAtPtr function in the sendmail program fails to check bounds on arguments passed from other functions, and as a result an exploitable stack overflow condition occurs when specifying the "-t" command line option.
A local attacker can make a malicious call to sendmail, potentially resulting in code execution with elevated privileges.
There is no known workaround at this time.
All Xmail users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/xmail-1.22" |