bsmtpd -- missing input sanitising

2005-02-25T00:00:00
ID DSA-690
Type debian
Reporter Debian
Modified 2005-02-25T00:00:00

Description

Bastian Blank discovered a vulnerability in bsmtpd, a batched SMTP mailer for sendmail and postfix. Unsanitised addresses can cause the execution of arbitrary commands during alleged mail delivery.

For the stable distribution (woody) this problem has been fixed in version 2.3pl8b-12woody1.

For the unstable distribution (sid) this problem has been fixed in version 2.3pl8b-16.

We recommend that you upgrade your bsmtpd package.