Sendmail is vulnerable to a race condition which could lead to the execution of arbitrary code with sendmail privileges.
Package | mail-mta/sendmail on all architectures |
---|---|
Affected versions | < 8.13.6 |
Unaffected versions | >= 8.13.6 |
Sendmail is a popular mail transfer agent (MTA).
ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals.
An attacker could exploit this via certain crafted timing conditions.
There is no known workaround at this time.
All Sendmail users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"
Release date
March 22, 2006
Latest revision
March 22, 2006: 01
Severity
high
Exploitable
remote
Bugzilla entries