| VID | 18046 |
| Severity | 40 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description |
The Sendmail server, according to its version, is vulnerable to a buffer overflow attack via specially formatted address fields. Sendmail is an MTA (mail transfer agent) used on many Unix-based operating systems. Sendmail versions 5.2 to 8.12.7 are vulnerable to a static buffer overflow in the code that processes mail header fields. Sendmail implements several security checks to ensure that characters are parsed correctly. Specifically, when it encounters fields that contain addresses or lists of addresses (such as the "From", "To" and "CC" fields), Sendmail attempts to semantically evaluate whether the supplied address (or list of addresses) is valid. One such security check is flawed, making it possible for a remote attacker to send an email with a specially crafted address field that triggers a buffer overflow. By sending an email with a specially crafted "From", "To", or "CC" header field, a remote attacker can bypass the "skipping" mode email header check and overflow a buffer to gain root access to the affected system.
* Note: For the following reasons, this may or may not be considered a security risk in your environment (i.e., it may be a false positive):
  1. This check relies solely on the version number of the remote Sendmail server to assess this vulnerability.
  2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
* References:
  * http://www.cert.org/advisories/CA-2003-07.html
  * http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
  * http://www.sendmail.org/8.12.8.html
  * http://www.kb.cert.org/vuls/id/398025
* Platforms Affected:
  * Unix Any version
  * HP HP-UX 10.10, 10.20, 11.04, 11.0, 11.11, 11.22
  * Solaris 2.6, 7, 8 and 9
  * FreeBSD < 4.8-RELEASE
  * FreeBSD < 5.0-RELEASE-p4
  * FreeBSD-stable prior to 2003-03-03
  * IRIX 6.5.19 and prior
  * Linux Any version
  * Mandrake Linux 7.2, 8.0, 8.1, 8.2, 9.0
  * Mandrake Linux Corporate Server 1.0.1
  * Red Hat Linux 6.2, 7.x, Linux 8.0 |
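The note above says the check looks only at the advertised version, which is why a vendor-patched host can still be flagged. The following is an added example, not the scanner's own code: it applies the advisory's 5.2 to 8.12.7 range to an SMTP banner, then triages the result against the fixed Red Hat package versions listed under Recommendation. The banners and installed package strings used with it are constructed, and the package comparison is a simplified numeric compare, not full RPM version ordering.

```python
import re

# Vulnerable upstream range as stated in the advisory text.
VULN_MIN, VULN_MAX = (5, 2), (8, 12, 7)

# First fixed Red Hat packages, copied from the Recommendation section.
REDHAT_FIXED = {
    "6.2": "8.11.6-1.62.2", "7.0": "8.11.6-23.70", "7.1": "8.11.6-23.71",
    "7.2": "8.11.6-23.72", "7.3": "8.11.6-23.73", "8.0": "8.12.8-1.80",
}

def numeric(version):
    """Turn '8.11.6-23.72' into (8, 11, 6, 23, 72) for ordering (simplified)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def banner_version(banner):
    """Extract the upstream version from a banner like 'Sendmail 8.12.7/8.12.7'."""
    match = re.search(r"Sendmail (\d+(?:\.\d+)+)", banner)
    return numeric(match.group(1)) if match else None

def banner_flags_vulnerable(banner):
    """Reproduce the version-only decision: True if inside 5.2 .. 8.12.7."""
    version = banner_version(banner)
    return version is not None and VULN_MIN <= version <= VULN_MAX

def assess(banner, redhat_release=None, package=None):
    """Triage a finding using the installed package version when it is known."""
    if banner_version(banner) is None:
        return "unknown: no version in banner"
    if not banner_flags_vulnerable(banner):
        return "not flagged"
    fixed = REDHAT_FIXED.get(redhat_release)
    if fixed and package:
        if numeric(package) >= numeric(fixed):
            return "false positive: vendor fix installed"
        return "vulnerable: package older than vendor fix"
    return "flagged by version only: verify patch level"

if __name__ == "__main__":
    # Constructed banner; the host name is a placeholder.
    banner = "220 mx.example.test ESMTP Sendmail 8.11.6/8.11.6; Mon, 10 Mar 2003"
    for pkg in ("8.11.6-15", "8.11.6-23.72"):  # constructed installed versions
        print(pkg, "->", assess(banner, "7.2", pkg))
    print(assess("220 mx.example.test ESMTP ready"))
```

A banner with no version string returns "unknown" rather than "not flagged", since a hidden version says nothing about patch level.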
| Recommendation |
Upgrade to the latest version of Sendmail (8.12.8 or later), or apply the appropriate patch for your system, available from the Sendmail Web site, http://www.sendmail.org/8.12.8.html
For Sun Solaris: Apply the appropriate patch for your system, as listed in Sun Security Advisory VU#398025, http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/51181
For SGI IRIX: Upgrade to the latest version of IRIX (6.5.20 or later), or apply the appropriate patch for your system, as listed in SGI Security Advisory 20030301-01-P, ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
For Red Hat Linux: Upgrade to the latest sendmail package, as listed below. Refer to Red Hat Security Advisory RHSA-2003:073-06 for more information, http://www.redhat.com/support/errata/RHSA-2003-073.html
* Red Hat 6.2: 8.11.6-1.62.2 or later
* Red Hat 7.0: 8.11.6-23.70 or later
* Red Hat 7.1: 8.11.6-23.71 or later
* Red Hat 7.2: 8.11.6-23.72 or later
* Red Hat 7.3: 8.11.6-23.73 or later
* Red Hat 8.0: 8.12.8-1.80 or later
For FreeBSD: Upgrade to the latest version of FreeBSD (4-STABLE or later) or to the RELENG_5_0, RELENG_4_7, or RELENG_4_6 security branch dated after 2003-03-03, as listed in FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail .smrsh, ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc
For Mandrake-Linux: Upgrade to the latest sendmail package as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2003:028 for more information, http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:028
* Linux-Mandrake 7.2: 8.11.0-4.2mdk or later
* Mandrake Linux 8.0 and 8.1: 8.11.6-4.4mdk or later
* Mandrake Linux 8.2: 8.12.1-4.2mdk or later
* Mandrake Linux 9.0 and Corporate Server 2.1: 8.12.6-3.2mdk or later
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2002-1337 (CVE) |
| Related URL | 6991 (SecurityFocus) |
| Related URL | 10748 (ISS) |