CERT Advisory CA-2003-25 Buffer Overflow in Sendmail.

A vulnerability in sendmail could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root. This vulnerability is different than the one described in CA-2003-12.

The email attack vector is message-oriented as opposed to connection-oriented. This means that the vulnerability is triggered by the contents of a specially crafted email message rather than by lower-level network traffic. This is important because an MTA that does not contain the vulnerability may pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable sendmail servers on the interior of a network are still at risk, even if the site's border MTA uses software other than sendmail. Also, messages capable of exploiting this vulnerability may pass undetected through packet filters or firewalls. Depending on platform and operating system architecture, a remote attacker could execute arbitrary code with the privileges of the sendmail daemon.

This vulnerability is resolved in Sendmail 8.12.10. Sendmail has also released a patch that can be applied to Sendmail 8.9.x through 8.12.9. Sendmail 8.12.10 is designed to correct malformed messages that are transferred by the server. This should help protect other vulnerable sendmail servers.
Source: http://www.cert.org/advisories/CA-2003-25.html
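
Because interior sendmail hosts stay exposed behind a non-sendmail border MTA, remediation has to cover every MTA in the mail path. The following is an added example, not code from CERT or Sendmail, that sorts SMTP greeting lines into action buckets using the version ranges stated above; the hostnames, greetings and bucket names are constructed for illustration.

```python
import re

# Version facts taken from the advisory text above.
FIXED = (8, 12, 10)      # release that resolves the issue
PATCH_LOW = (8, 9, 0)    # vendor patch covers 8.9.x through 8.12.9

# A sendmail greeting carries "Sendmail <binary version>/<config version>".
BANNER_RE = re.compile(r"Sendmail (\d+)\.(\d+)(?:\.(\d+))?")

def classify(banner):
    """Map an SMTP greeting line to an action bucket."""
    m = BANNER_RE.search(banner)
    if not m:
        return "no-sendmail-banner"   # other MTA, or greeting was customised
    # Compare as integer tuples: as strings, "8.12.9" sorts after "8.12.10".
    version = tuple(int(part or 0) for part in m.groups())
    if version >= FIXED:
        return "fixed-release"
    if version >= PATCH_LOW:
        # A patched build may still report its old version, so confirm on the host.
        return "patch-or-upgrade"
    return "below-patch-range"        # the advisory names no patch here

# Constructed inventory: (host, placement, greeting). Not real systems.
INVENTORY = [
    ("mx.example.net", "border", "220 mx.example.net ESMTP Postfix"),
    ("relay1.int.example.net", "interior",
     "220 relay1.int.example.net ESMTP Sendmail 8.12.9/8.12.9; Wed, 17 Sep 2003 10:00:00 -0400"),
    ("lists.int.example.net", "interior",
     "220 lists.int.example.net ESMTP Sendmail 8.11.6/8.11.6; Wed, 17 Sep 2003 10:00:02 -0400"),
    ("hub.int.example.net", "interior",
     "220 hub.int.example.net ESMTP Sendmail 8.12.10/8.12.10; Wed, 17 Sep 2003 10:00:05 -0400"),
]

def needs_action(inventory):
    """Hosts to patch or upgrade, wherever they sit in the network."""
    return [host for host, _placement, banner in inventory
            if classify(banner) in ("patch-or-upgrade", "below-patch-range")]

if __name__ == "__main__":
    for host, placement, banner in INVENTORY:
        print(f"{host:26} {placement:9} {classify(banner)}")
```

A greeting is only a first-pass signal: it can be edited or suppressed in the sendmail configuration, so hosts in the "no-sendmail-banner" bucket still need their installed MTA confirmed locally.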