VID 18018
Severity 30
Port 25
Protocol TCP
Class SMTP
Detailed Description The Sendmail server, according to its version number, is running a version of Sendmail earlier than 8.12.1. Sendmail versions 8.12.0 and earlier are vulnerable to a denial of service attack, caused by a vulnerability when users are allowed to run the queue. A local attacker can set the initial message hop count to a number greater than the allowed limit to force Sendmail to drop the queue count. If exploited, this can result in data loss or a denial of service.

* Note: For the following reasons, this may or may not be a security risk in your environment (i.e., it may be a false positive):
1. This check relies solely on the version number reported by the remote Sendmail server to assess this vulnerability.
2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
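
The two caveats above can be made concrete with a banner-triage sketch. This is an added example, not the scanner's own check logic: it assumes the usual "Sendmail <version>/<config version>" greeting layout, the function names are hypothetical, and the sample banners are constructed. A version string carrying a non-standard suffix is reported separately, because its numbering may not follow the Sendmail Consortium distribution.

```python
import re

FIXED = (8, 12, 1)  # per the description: versions earlier than 8.12.1 are flagged

# Assumed greeting layout: "220 host ESMTP Sendmail <version>/<config version>; date"
BANNER_RE = re.compile(r"Sendmail\s+(\d+(?:\.\d+)+)([^/;\s]*)", re.IGNORECASE)


def parse_banner(banner):
    """Return (version_tuple, suffix), or None if no Sendmail version is shown."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    version = tuple(int(part) for part in m.group(1).split("."))
    return version, m.group(2)


def assess(banner):
    """Return 'not-flagged', 'flagged', 'flagged-verify' or 'unknown'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"  # banner hidden or rewritten: version check cannot decide
    version, suffix = parsed
    padded = version + (0,) * (3 - len(version))
    # Compare as integers so that 8.12.10 sorts after 8.12.1.
    if padded[:3] >= FIXED:
        return "not-flagged"
    # A suffix such as "+Sun" marks a non-standard build whose fixes may be
    # backported; confirm on the host before treating it as vulnerable.
    return "flagged-verify" if suffix else "flagged"


# Constructed sample banners, not captured from real hosts.
SAMPLES = [
    "220 mx1.example.com ESMTP Sendmail 8.11.6/8.11.6; Mon, 1 Oct 2001 10:00:00 GMT",
    "220 mx2.example.com ESMTP Sendmail 8.11.6+Sun/8.11.6+Sun; Mon, 1 Oct 2001",
    "220 mx3.example.com ESMTP Sendmail 8.12.10/8.12.10; Mon, 1 Oct 2001",
    "220 mx4.example.com ESMTP ready",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{assess(line):15} {line}")
```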

* References:
http://www.iss.net/security_center/static/7190.php
http://www.securityfocus.com/bid/3378
Recommendation Upgrade to the latest version of Sendmail (8.12.2 or later), available from the Sendmail Consortium Web site, http://www.sendmail.org/
Related URL CVE-2001-0714 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)