Apple Computer Inc. Information for VU#784980

Sendmail prescan() buffer overflow vulnerability

Status

Affected

Vendor Statement

Mac OS X 10.2.8 contains the patches to address CVE CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.

Mac OS X 10.2.8 is available as a free update for customers running Mac OS X 10.2.x. It is available from:

Mac OS X Client (updating from 10.2 - 10.2.5):
http://www.info.apple.com/kbnum/n120244

Mac OS X Client (updating from 10.2.6 - 10.2.7):
http://www.info.apple.com/kbnum/n120245

Mac OS X Server (updating from 10.2 - 10.2.5):
http://www.info.apple.com/kbnum/n120246

Mac OS X Server (updating from 10.2.6 - 10.2.7):
http://www.info.apple.com/kbnum/n120247

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

See also: APPLE-SA-2003-09-22.

If you have feedback, comments, or additional information about this vulnerability, please send us email.