CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#108964

Sendmail contains buffer overflow in ruleset parsing

Overview

Sendmail contains a buffer overflow vulnerability in the code that parses rulesets. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.This vulnerability does not affect the default configuration.

I. Description

Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in the code that parses rulesets. A system is vulnerable if it is configured to use the non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients.

This is a different vulnerability than the one described in CA-2003-25/VU#784980.

II. Impact

Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

III. Solution

This issue is resolved in Sendmail 8.12.10.Beta2.


Download the commercial version from:


or the open-source version from:

Systems Affected
VendorStatusDate Updated
SendmailVulnerable18-Sep-2003
Sendmail Inc.Vulnerable18-Sep-2003

References


http://www.sendmail.com
http://www.sendmail.org

Credit

Thanks to Timo Sirainen for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

Date Public07/01/2003
Date First Published09/18/2003 02:09:42 PM
Date Last Updated09/18/2003
CERT Advisory 
CVE Name 
Metric6.33
Document Revision7

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2003 Carnegie Mellon University