Vulnerability Note VU#784980

Sendmail prescan() buffer overflow vulnerability

Overview

Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

I. Description

Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in code that parses email addresses.

When processing email messages, sendmail creates tokens from address elements (user, host, domain). The code that performs this function (prescan() in parseaddr.c) contains a vulnerability that could allow a remote attacker to overwrite memory structures and execute arbitrary code. The attacker could exploit this vulnerability using an email message with a specially crafted address. Such a message could be passed through MTAs that are not vulnerable.

Further information is available in a message by Michal Zalewski.

This is a different vulnerability than the one described in CA-2003-12/VU#897604.

II. Impact

A remote attacker could execute arbitrary code with the privileges of the Sendmail process, typically root. The attacker may also be able to cause a denial of service.

III. Solution

Upgrade or Patch

Upgrade or apply a patch as specified by your vendor. Sendmail has released version 8.12.10 and a patch that resolve this issue.

Enable RunAsUser

Consider setting the RunAsUser option to reduce the impact of this vulnerability. It is typically considered to be a good security practice to limit the privileges of applications and services whenever possible.
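
A quick audit of both mitigations above, as an added example that is not part of the original note: it compares the reported version against 8.12.10 and looks for an active RunAsUser line in sendmail.cf. It assumes the version text comes from `sendmail -d0.1 -bv root`; the function names and sample inputs are constructed for illustration, and a vendor-patched older version will still be flagged and must be confirmed with the vendor.

```shell
#!/bin/sh
# Added example (not from the advisory). Sample inputs below are constructed.
FIXED=8.12.10   # release the note lists as resolving the issue

# Succeed if dotted version $1 >= $2, comparing fields numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Read `sendmail -d0.1 -bv root` output on stdin, print the version number.
sendmail_version() {
    sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Read sendmail.cf on stdin, print the active (uncommented) RunAsUser value.
run_as_user() {
    sed -n 's/^O[[:space:]]*RunAsUser[[:space:]]*=[[:space:]]*//p' | tail -n 1
}

# audit VERSION_OUTPUT CF_TEXT: report both checks, return 0 only if both pass.
audit() {
    ver=$(printf '%s\n' "$1" | sendmail_version)
    user=$(printf '%s\n' "$2" | run_as_user)
    rc=0
    if [ -n "$ver" ] && version_ge "$ver" "$FIXED"; then
        echo "version ${ver}: at or above $FIXED"
    else
        echo "version ${ver:-unknown}: below $FIXED, upgrade or confirm vendor patch"
        rc=1
    fi
    case ${user%%:*} in
        ''|root|0) echo "RunAsUser: not set to an unprivileged user"; rc=1 ;;
        *)         echo "RunAsUser: $user" ;;
    esac
    return $rc
}

# Constructed sample: an 8.12.9 host with RunAsUser still commented out.
SAMPLE_VERSION='Version 8.12.9
 Compiled with: DNSMAP LOG MATCHGECOS MIME7TO8 MIME8TO7'
SAMPLE_CF='#O RunAsUser=sendmail'
audit "$SAMPLE_VERSION" "$SAMPLE_CF" || echo "result: action needed"
```

On a live host, pass the real command output and the contents of sendmail.cf as the two arguments to `audit`.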

Systems Affected

Vendor                        Status          Date Updated
3Com                          Unknown         17-Sep-2003
Alcatel                       Unknown         18-Sep-2003
Apple Computer Inc.           Vulnerable      25-Sep-2003
AT&T                          Unknown         18-Sep-2003
Avaya                         Unknown         18-Sep-2003
Cisco Systems Inc.            Unknown         18-Sep-2003
Computer Associates           Unknown         18-Sep-2003
Conectiva                     Vulnerable      18-Sep-2003
Cray Inc.                     Unknown         18-Sep-2003
D-Link Systems                Unknown         18-Sep-2003
Data General                  Unknown         18-Sep-2003
Debian                        Vulnerable      18-Sep-2003
Extreme Networks              Unknown         18-Sep-2003
F5 Networks                   Not Vulnerable  17-Sep-2003
Foundry Networks Inc.         Unknown         18-Sep-2003
FreeBSD                       Vulnerable      25-Sep-2003
Fujitsu                       Unknown         18-Sep-2003
Gentoo Linux                  Vulnerable      18-Sep-2003
Guardian Digital Inc.         Unknown         18-Sep-2003
Hewlett-Packard Company       Vulnerable      24-Sep-2003
Hitachi                       Unknown         18-Sep-2003
IBM                           Vulnerable      18-Sep-2003
IBM eServer                   Vulnerable      24-Sep-2003
Ingrian Networks              Unknown         18-Sep-2003
Intel                         Unknown         18-Sep-2003
Juniper Networks              Unknown         18-Sep-2003
Lotus Software                Not Vulnerable  17-Sep-2003
Lucent Technologies           Unknown         18-Sep-2003
MandrakeSoft                  Vulnerable      18-Sep-2003
Microsoft Corporation         Unknown         18-Sep-2003
MontaVista Software           Unknown         18-Sep-2003
Multi-Tech Systems Inc.       Unknown         18-Sep-2003
Multinet                      Unknown         18-Sep-2003
NEC Corporation               Unknown         18-Sep-2003
NetBSD                        Vulnerable      17-Sep-2003
NetScreen                     Unknown         18-Sep-2003
Network Appliance             Not Vulnerable  17-Sep-2003
Nokia                         Unknown         18-Sep-2003
Nortel Networks               Unknown         17-Sep-2003
OpenBSD                       Unknown         18-Sep-2003
OpenPKG                       Vulnerable      24-Sep-2003
Openwall GNU/*/Linux          Not Vulnerable  18-Sep-2003
Oracle Corporation            Unknown         18-Sep-2003
Red Hat Inc.                  Vulnerable      18-Sep-2003
Redback Networks Inc.         Unknown         18-Sep-2003
Riverstone Networks           Unknown         18-Sep-2003
SCO                           Unknown         18-Sep-2003
Secure Computing Corporation  Vulnerable      24-Sep-2003
Sendmail Inc.                 Vulnerable      18-Sep-2003
Sequent                       Unknown         18-Sep-2003
SGI                           Vulnerable      29-Sep-2003
Slackware                     Vulnerable      17-Sep-2003
Sony Corporation              Unknown         18-Sep-2003
Sun Microsystems Inc.         Vulnerable      18-Sep-2003
SuSE Inc.                     Vulnerable      24-Sep-2003
Syntegra                      Not Vulnerable  25-Sep-2003
The Sendmail Consortium       Vulnerable      18-Sep-2003
TurboLinux                    Vulnerable      18-Sep-2003
Unisys                        Unknown         18-Sep-2003
Wind River Systems Inc.       Unknown         18-Sep-2003
Wirex                         Vulnerable      18-Sep-2003
Xerox                         Unknown         18-Sep-2003
ZyXEL                         Unknown         18-Sep-2003

References


http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html
http://archives.neohapsis.com/archives/sendmail/2003-q3/0002.html
http://www.sendmail.org/8.12.10.html
http://www.sendmail.org/patches/parse8.359.2.8

Credit

This vulnerability was discovered by Michal Zalewski.

This document was written by Art Manion.

Other Information

Date Public: 09/17/2003
Date First Published: 09/17/2003 02:06:12 PM
Date Last Updated: 09/29/2003
CERT Advisory: CA-2003-25
CVE Name: CAN-2003-0694
US-CERT Technical Alerts:
Metric: 36.72
Document Revision: 20

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2003 Carnegie Mellon University