Old Sendmail 8.7.*
------------------

CVE:
CVE-1999-0131

Details:
A really old version of Sendmail was found running. Numerous bugs are known to
exist in these versions:

 - Possible to insert newlines into the queue file, allowing local non-root
users to escalate privileges.
 - Resource starvation which forces getpwuid to fail, causing Sendmail to run
programs as the default user.
 - A buffer overflow exists in GECOS field handling, allowing for local
non-root users to escalate privileges.

Fix:
Upgrade to the latest version of Sendmail. 


Related URLs:
http://www.securityfocus.com/bid/717
http://www.atstake.com/research/advisories/1996/sendmail_875_advisory.txt
http://www.cert.org/advisories/CA-1996-20.html
http://www.sendmail.org/

$Id: sendmail8-7,v 1.1 2001/06/29 22:07:22 loveless Exp $
