Secunia

A vulnerability has been discovered in Sendmail, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a boundary error in "parseaddr.c" caused by a "char" to "int" conversion problem, which results in Sendmail not handling long email addresses containing the extended ASCII character "0xff" correct. A malicious person can exploit this to cause a buffer overflow by constructing an email with a specially crafted email address.

Successful exploitation can potentially allow execution of arbitrary code on the vulnerable system with the privileges of the sendmail process (typically "root").

Note: Internal vulnerable mail servers are also at risk, since a malicious email can be forwarded by an external, non-vulnerable mail server.

The following Sendmail versions have been confirmed vulnerable:
* Sendmail Pro (all versions)
* Sendmail Switch 2.1 prior to 2.1.6
* Sendmail Switch 2.2 prior to 2.2.6
* Sendmail Switch 3.0 prior to 3.0.4
* Sendmail for NT 2.X prior to 2.6.3
* Sendmail for NT 3.0 prior to 3.0.4
* Systems running open-source sendmail versions prior to 8.12.9, including UNIX and Linux systems.

Solution
Some information regarding the vulnerability was disclosed on a public mailing list, before Sendmail.org had released an updated version. Sendmail.org has therefore rushed to issue an updated version, but the various OS vendors have not released any updated packages yet.
Further details available in Customer Area

Provided and/or discovered by
Michal Zalewski

Original Advisory
http://www.sendmail.org/8.12.9.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area