| VID |
18014 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The sendmail server, according to its version number, may be vulnerable to a local buffer overflow allowing local users to gain root privileges. Sendmail 8.11.0 through 8.11.5, and 8.12.0 beta 0 through beta 18, contain an input validation error in debugging functionality. The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index for the trace vector, and can therefore be used to write within a certain range of process memory if a negative value is given. Because the '-d' command-line argument is processed before the program drops its elevated privileges, this could allow local users to gain root privileges.
* References: http://www.securityfocus.com/bid/3163 http://www.sendmail.org/8.11.html |
| Recommendation |
Upgrade to Sendmail 8.12beta19 or 8.11.6. This vulnerability is not present in 8.10 or earlier versions. However, as always, we recommend using the latest version. Note that this problem is not remotely exploitable. Additionally, sendmail 8.12 will no longer use a set-user-id root binary by default.
Updated packages that rectify this issue are available from various vendors:
- Sendmail Consortium upgrade: ftp://ftp.sendmail.org/pub/sendmail/
- S.u.S.E. upgrade: ftp://ftp.suse.com/pub/suse
- Conectiva upgrade: ftp://atualizacoes.conectiva.com.br/
- Caldera upgrade 3.1: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1
- Immunix upgrade: http://download.immunix.org/ImmunixOS/7.0/updates/RPMS |
| Related URL |
CVE-2001-0653 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
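The check above keys on the version number alone, so triaging a finding means deciding whether a reported version falls inside the ranges given in the Detailed Description. The following is an added example, not part of the original entry or of any scanner's code: the function names, the banner layout and the accepted beta spellings (`8.12.0.Beta18`, `8.12beta19`) are assumptions, and the sample strings are constructed.

```python
import re

# Version core: "8.11.4", "8.12.0.Beta18" or "8.12beta19" (beta spellings assumed).
_VER = r"(\d+)\.(\d+)(?:\.(\d+))?(?:[. -]?beta ?(\d+))?"
_BANNER_RE = re.compile(r"sendmail[ /-]+" + _VER, re.IGNORECASE)
_BARE_RE = re.compile(_VER, re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, beta) or None; beta is None for a release."""
    # Prefer the number that follows the word "Sendmail" so that an IP address
    # or a date elsewhere in the banner is never mistaken for the version.
    m = _BANNER_RE.search(text) or _BARE_RE.fullmatch(text.strip())
    if m is None:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3)) if m.group(3) is not None else 0
    beta = int(m.group(4)) if m.group(4) is not None else None
    return (major, minor, patch, beta)


def is_affected(text):
    """True/False for a parsed version, None when no version can be read."""
    version = parse_version(text)
    if version is None:
        return None
    major, minor, patch, beta = version
    if (major, minor) == (8, 11):
        return patch <= 5                      # 8.11.0 through 8.11.5
    if (major, minor, patch) == (8, 12, 0) and beta is not None:
        return beta <= 18                      # 8.12.0 beta 0 through beta 18
    return False                               # 8.10 and earlier, 8.11.6, 8.12beta19+


# Constructed sample inputs: SMTP greeting banners and bare version strings.
SAMPLES = [
    "220 mail.example.test ESMTP Sendmail 8.11.4/8.11.4; Mon, 20 Aug 2001 10:00:00 +0000",
    "220 10.0.0.1 ESMTP Sendmail 8.12.0.Beta19/8.12.0.Beta19; Mon, 20 Aug 2001 10:00:00 +0000",
    "8.12.0.Beta18",
    "8.10.2",
    "220 mx.example.test ESMTP ready",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_affected(sample), "<-", sample)
```

A `True` result means only what the entry says, that the server "may be vulnerable": a vendor package that carries the fix but still reports an in-range version string would be flagged as well.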