Old Sendmail 8.10.*
-------------------

CVE:
CAN-2000-0319, CAN-2000-0506


Details:
An old version of Sendmail was found running. Numerous bugs are known to
exist in these versions:

 - Local DoS as some snprintf() fail to null-term the string.
 - Setuid failing problem (on Linux 2.2.12-2.2.16pre5).
 - Solaris Content-length field mailbox corruption.
 - Some SMTP auth mechanisms cause information leaks.
 - AIX 4.x has dangerous linker semantics.
 - Local root via a buffer overflow in mail.local when compiled with 
-DCONTENTLENGTH flag under Solaris.


Fix:
Upgrade to the latest version of Sendmail. 


Related URLs:
http://www.securityfocus.com/bid/1146
http://www.securityfocus.com/bid/1429
http://www.sendmail.org/

$Id: sendmail8-10,v 1.1 2001/07/02 14:49:28 loveless Exp $
