| VID | 18016 |
|---|---|
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description | The Sendmail server allows people to send mail anonymously through the server by way of a buffer overflow in the HELO command. If a client sends the SMTP server a HELO string longer than approximately 1024 bytes, the sender's location and other very useful information will be cropped. This problem may allow bad guys to send hate mail or threatening mail through the vulnerable server while keeping their anonymity. The vulnerability was fixed in Sendmail 8.9.0. References: http://www.iss.net/security_center/static/886.php http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925991&w=2 |
| Recommendation | Upgrade to version 8.9.x, or the latest version of Sendmail. First, contact your vendor |
| Related URL | CVE-1999-0098 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |