| VID |
18054 |
| Severity |
40 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The Sendmail server, according to its version number, has a buffer overflow vulnerability(3) via certain formatted address fields.
Sendmail is a widely deployed Mail Transport Agent (MTA). Many UNIX and Linux systems provide a Sendmail implementation that is enabled and running by default. The prescan function in Sendmail versions 8.12.9 and earlier contains a vulnerability in its address parsing code. This vulnerability is different than the one described in CA-2003-12. If the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, are used, which are not configured by default, a remote attacker could overflow a buffer and possibly cause a denial of service or execute arbitrary code with the privileges of the sendmail daemon. Unless the RunAsUser option is set, Sendmail typically runs as root.
* Note: Due to the following reasons, this may or may not be considered a security risk in your environment (i.e. It may be a false positive):
1. This check solely relied on the version number of the remote Sendmail server to assess this vulnerability.
2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
* References:
http://www.cert.org/advisories/CA-2003-25.html
http://www.sendmail.org/8.12.10.html
http://www.securiteam.com/unixfocus/5NP0B2AB5W.html
http://marc.theaimsgroup.com/?l=bugtraq&m=106381604923204&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html
http://xforce.iss.net/xforce/alerts/id/advise142
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
http://www.kb.cert.org/vuls/id/784980#systems
* Platforms Affected:
Sendmail 8.12.9 and earlier
Linux Any version
UNIX Any version
See the Systems Affected section of VU#784980 in 'References' above for information about specific vendors. |
| Recommendation |
Upgrade to the latest version of Sendmail (8.12.10 or later), available from the Sendmail Web site, "Sendmail 8.12.10" at http://www.sendmail.org/8.12.10.html
For Sun Solaris 7, 8 and 9:
A Sun Alert for this issue will be issued soon and will be available from http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/56860
For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest sendmail package (8.12.3-6.6 or later), as listed in Debian Security Advisory DSA-384-1 at http://www.debian.org/security/2003/dsa-384
For Red Hat Linux:
Upgrade to the latest sendmail package, as listed in Red Hat Security Advisory RHSA-2003:283-09 at https://rhn.redhat.com/errata/RHSA-2003-283.html
For Mandrake Linux:
Upgrade to the latest sendmail package, as listed in Mandrake Linux Security Advisory MDKSA-2003:092 at http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:092
For Turbolinux:
Upgrade to the latest sendmail package (8.12.10-1 or later), as listed in Turbolinux Security Advisory TLSA-2003-52 at http://cc.turbolinux.com/security/TLSA-2003-52.txt
For Immunix 7+:
Upgrade to the latest version of sendmail (8.11.6-3_imnx_6 or later), as listed in Immunix Secured OS Security Advisory IMNX-2003-7+-021-01 at http://www.linuxsecurity.com/advisories/immunix_advisory-3652.html
For other distributions:
Contact your vendor for upgrade or patch information. See http://www.kb.cert.org/vuls/id/784980#systems |
| Related URL |
CVE-2003-0694 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
13216 (ISS) |
|
