Sendmail is vulnerable to a race condition which could lead to the execution of arbitrary code with sendmail privileges.
|Package||mail-mta/sendmail on all architectures|
|Affected versions||< 8.13.6|
|Unaffected versions||>= 8.13.6|
Sendmail is a popular mail transfer agent (MTA).
ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals.
An attacker could exploit this via certain crafted timing conditions.
There is no known workaround at this time.
All Sendmail users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"
March 22, 2006
March 22, 2006: 01