| VID |
18051 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The Sendmail server, according to its version, is vulnerable to a buffer overflow(2) attack via specially formatted address fields. Sendmail is an MTA (mail transfer agent) used on many Unix-based operating systems. Sendmail versions 5.2 to 8.12.8 are vulnerable to a buffer overflow in the code that processes mail header fields. The prescan function in Sendmail before 8.12.9 is responsible for breaking up, or "tokenizing", the components of an email address so it can be properly processed. This function does not adequately check the length of email addresses. An attacker can construct a long string specifically designed to bypass these checks and overflow data and arbitrary code onto the stack. By sending an email with a specially crafted "From", "To", or "CC" header field, a remote attacker can overflow a buffer to gain root access to the affected system.
* Note: For the following reasons, this may or may not be considered a security risk in your environment (i.e. it may be a false positive):
  1. This check relies solely on the version number of the remote Sendmail server to assess this vulnerability.
  2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
* References:
  * http://marc.theaimsgroup.com/?l=bugtraq&m=104897487512238&w=2
  * http://lists.netsys.com/pipermail/full-disclosure/2003-March/008973.html
  * http://marc.theaimsgroup.com/?l=bugtraq&m=104896621106790&w=2
  * http://www.cert.org/advisories/CA-2003-12.html
  * http://www.kb.cert.org/vuls/id/897604
  * ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
  * http://www.redhat.com/support/errata/RHSA-2003-120.html
  * http://www.redhat.com/support/errata/RHSA-2003-121.html
  * http://marc.theaimsgroup.com/?l=bugtraq&m=104914999806315&w=2
* Platforms Affected:
  * Sendmail Pro (all versions)
  * Sendmail Switch 2.1 prior to 2.1.6
  * Sendmail Switch 2.2 prior to 2.2.6
  * Sendmail Switch 3.0 prior to 3.0.4
  * Sendmail for NT 2.X prior to 2.6.3
  * Sendmail for NT 3.0 prior to 3.0.4
  * Open-source Sendmail versions prior to 8.12.9
  * IBM AIX
  * OpenBSD
  * Sun Solaris 2.6, 7, 8 and 9
  * Red Hat Linux
  * Conectiva Linux
  * SuSE Linux
  * Slackware
  * Gentoo Linux |
| Recommendation |
Upgrade to the latest version of Sendmail (8.12.9 or later), or apply the appropriate patch for your system, available from the Sendmail Web site, http://www.sendmail.org/8.12.9.html
For Sun Solaris: Apply the appropriate patch for your system, as listed in Sun Security Advisory VU#897604, http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/52620
For IBM AIX: Apply the appropriate patch for your system, available from the IBM ftp site, ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_2_efix.tar.Z
For other distributions: Contact your vendor for upgrade or patch information. See http://www.cert.org/advisories/CA-2003-12.html |
| Related URL |
CVE-2003-0161 (CVE) |
| Related URL |
7230 (SecurityFocus) |
| Related URL |
(ISS) |
|
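The note in the description says this finding is derived only from the advertised version number. The following added example (not the scanner's own code) shows how such a banner check can separate stock versions in the 5.2 to 8.12.8 range from vendor-modified builds that need manual confirmation. The function name `assess_banner` and the sample banners are constructed for illustration.

```python
import re

# Range taken from the description above: 5.2 through 8.12.8 (fixed in 8.12.9).
FIRST_VULNERABLE = (5, 2)
FIRST_FIXED = (8, 12, 9)

# Matches e.g. "Sendmail 8.12.8/8.12.8" or "Sendmail 8.11.6+Sun/8.11.6".
# Group 1 is the dotted version, group 2 any vendor suffix glued to it.
BANNER_RE = re.compile(r"\bSendmail\s+(\d+(?:\.\d+)+)([^\s/;]*)", re.IGNORECASE)


def assess_banner(banner):
    """Classify an SMTP 220 greeting; returns (verdict, version, note)."""
    m = BANNER_RE.search(banner)
    if not m:
        # Banner hidden, rewritten, or a different MTA: version check says nothing.
        return ("unknown", None, "no Sendmail version in banner")
    version = tuple(int(part) for part in m.group(1).split("."))
    suffix = m.group(2).strip(".,")
    if not (FIRST_VULNERABLE <= version < FIRST_FIXED):
        return ("not-flagged", version, "outside 5.2 to 8.12.8")
    if suffix:
        # Vendor builds may carry a backported fix without changing the
        # base version, which is the false-positive case the note describes.
        return ("needs-verification", version,
                "vendor build %r; check the vendor patch level" % suffix)
    return ("likely-vulnerable", version,
            "stock version in range; confirm on the host")


# Constructed sample banners (hostnames and dates are made up).
SAMPLES = [
    "220 mx1.example.com ESMTP Sendmail 8.12.8/8.12.8; Tue, 1 Apr 2003 10:00:00 -0500",
    "220 mx2.example.com ESMTP Sendmail 8.11.6+Sun/8.11.6; Tue, 1 Apr 2003 10:00:00 -0500",
    "220 mx3.example.com ESMTP Sendmail 8.12.9/8.12.9; Tue, 1 Apr 2003 10:00:00 -0500",
    "220 mx4.example.com ESMTP ready",
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict, version, note = assess_banner(line)
        print("%-18s %-12s %s" % (verdict, version, note))
```

A "likely-vulnerable" or "needs-verification" result is still only a version match; the installed package or patch level on the host decides whether the fix is present.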