| Field | Value |
|---|---|
| VID | 18026 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description | Based on its reported version number, the sendmail server may be vulnerable to the MIME buffer overflow attack. A security vulnerability in the MIME handling code of Sendmail 8.8.0 and 8.8.1 allows remote users to execute arbitrary commands with root privileges. This problem is similar to, but unrelated to, the MIME overflow in 8.8.3/8.8.4. Versions prior to 8.8.0 do not contain this vulnerability, although they contain other, unrelated vulnerabilities. The vulnerability is exploited by sending a carefully crafted electronic mail message to the system running the vulnerable version of sendmail, and it may be exploited despite the presence of firewalls and other boundary protective measures. References: http://www.iss.net/security_center/static/1836.php ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.06a.sendmail.8.8.0-8.8.1.Vulnerability |
| Recommendation | This problem was fixed in versions of Sendmail after 8.8.1, but users are advised to always install the latest release available. |
| Related URL | CVE-1999-0206 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |