C-Note-07-003: A "Use-after-free" Vulnerability in Sendmail Versions Before 8.13.8 may allow Denial of Service (01/11/07)

A "use-after-free" security vulnerability in sendmail(1M) relating to the handling of long header lines may allow a local or remote unprivileged user to fill up a disk if sendmail(1M) is configured to write unique core files. The core files created by sendmail(1M) would be written to the disk partition configured with coreadmin(M). The ability to consume all available space of a disk partition (which may be the root "/" partition) is a type of denial of service (DoS).

This advisory is posted at: http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1

CIAC would like to thank Sun for this information.