Vulnerability Note VU#398025
Remote Buffer Overflow in Sendmail
There is a vulnerability in sendmail that may allow remote attackers to gain the privileges of the sendmail daemon, typically root.
Researchers at Internet Security Systems (ISS) have discovered a remotely exploitable vulnerability in sendmail. This vulnerability could allow an intruder to gain control of a vulnerable sendmail server.
Dropped invalid comments from header address
A patched sendmail server will drop invalid headers, thus preventing downstream servers from receiving them.
Successful exploitation of this vulnerability may allow an attacker to gain the privileges of the sendmail daemon, typically root. Even vulnerable sendmail servers on the interior of a given network may be at risk since the vulnerability is triggered from the contents of a malicious email message.
Apply a patch from Sendmail
Many vendors include vulnerable sendmail servers as part of their software distributions. We have notified vendors of this vulnerability and recorded their responses in the systems affected section of this document.
Enable the RunAsUser option
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer Inc.||Affected||21 Feb 2003||03 Mar 2003|
|BSD/OS||Affected||26 Feb 2003||03 Mar 2003|
|Conectiva||Affected||26 Feb 2003||04 Mar 2003|
|Debian||Affected||26 Feb 2003||04 Mar 2003|
|FreeBSD||Affected||13 Jan 2003||03 Mar 2003|
|Gentoo Linux||Affected||04 Mar 2003||04 Mar 2003|
|Hewlett-Packard Company||Affected||27 Jan 2003||15 Sep 2003|
|IBM||Affected||28 Jan 2003||13 Mar 2003|
|MandrakeSoft||Affected||26 Feb 2003||04 Mar 2003|
|NetBSD||Affected||26 Feb 2003||04 Mar 2003|
|Nortel Networks||Affected||26 Feb 2003||22 Apr 2003|
|OpenBSD||Affected||03 Mar 2003||03 Mar 2003|
|OpenPKG||Affected||04 Mar 2003||04 Mar 2003|
|Red Hat Inc.||Affected||19 Feb 2003||03 Mar 2003|
|Sendmail Inc.||Affected||13 Jan 2003||03 Mar 2003|
CVSS Metrics (Learn More)
Our thanks to Internet Security Systems, Inc. for discovering this problem, and to Eric Allman, Claus Assmann, and Greg Shapiro of Sendmail for notifying us of this problem. We thank both groups for their assistance in coordinating the response to this problem.
This document was written by Jeffrey P. Lanza and Shawn V. Hernan.
- CVE IDs: CAN-2002-1337
- CERT Advisory: CA-2003-07
- Date Public: 03 Mar 2003
- Date First Published: 03 Mar 2003
- Date Last Updated: 15 Sep 2003
- Severity Metric: 66.00
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.