|
|
|
Vulnerability Note VU#784980Sendmail prescan() buffer overflow vulnerabilityOverviewSendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.I. DescriptionSendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in code that parses email addresses.When processing email messages, sendmail creates tokens from address elements (user, host, domain). The code that performs this function (prescan() in parseaddr.c) contains a vulnerability that could allow a remote attacker to overwrite memory structures and execute arbitary code. The attacker could exploit this vulnerability using an email message with a specially crafted address. Such a message could be passed through MTAs that are not vulnerable. Upgrade or apply a patch as specified by your vendor. Sendmail has released version 8.12.10 and a patch that resolve this issue.
References
This vulnerability was discovered by Michal Zalewski. This document was written by Art Manion.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||