| VID |
18019 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The sendmail server, according to its version number, is running a version of Sendmail earlier than 8.7.6. There are two vulnerabilities in all versions of sendmail up to and including sendmail 8.7.5. The first vulnerability is a resource starvation problem and the second is a buffer overflow problem. By supplying Sendmail with a very large GECOS field, a local user can overflow a buffer and execute arbitrary code on the computer, possibly compromising root privileges.
* Note: Due to the following reasons, this may or may not be considered a security risk in your environment (i.e. It may be a false positive):
1. This check solely relied on the version number of the remote Sendmail server to assess this vulnerability.
2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
* References:
http://www.cert.org/advisories/CA-96.20.sendmail_vul.html
http://www.iss.net/security_center/static/428.php |
| Recommendation |
Upgrade to the latest version of Sendmail (8.12.2 or later), available from the Sendmail Consortium Web site, http://www.sendmail.org/ |
| Related URL |
CVE-1999-0131 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
