Sendmail: Race condition in the handling of asynchronous signals — GLSA 200603-21

Sendmail is vulnerable to a race condition which could lead to the execution of arbitrary code with sendmail privileges.

Affected Packages

mail-mta/sendmail on all architectures
Affected versions < 8.13.6
Unaffected versions >= 8.13.6

Background

Sendmail is a popular mail transfer agent (MTA).

Description

ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals.

Impact

An attacker could exploit this via certain crafted timing conditions.

Workaround

There is no known workaround at this time.

Resolution

All Sendmail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-mta/sendmail-8.13.6"

References

Release Date
March 22, 2006

Latest Revision
March 22, 2006: 01

Severity
high

Exploitable
remote

Bugzilla entries