Vulnerability Note VU#784980

Sendmail prescan() buffer overflow vulnerability

Original Release date: 17 Sep 2003 | Last revised: 29 Sep 2003

Overview

Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Description

Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in code that parses email addresses.

When processing email messages, sendmail creates tokens from address elements (user, host, domain). The code that performs this function (prescan() in parseaddr.c) contains a vulnerability that could allow a remote attacker to overwrite memory structures and execute arbitrary code. The attacker could exploit this vulnerability using an email message with a specially crafted address. Such a message could be passed through MTAs that are not vulnerable.

Further information is available in a message by Michal Zalewski.

This is a different vulnerability than the one described in CA-2003-12/VU#897604.

Impact

A remote attacker could execute arbitrary code with the privileges of the Sendmail process, typically root. The attacker may also be able to cause a denial of service.

Solution

Upgrade or Patch

Upgrade or apply a patch as specified by your vendor. Sendmail has released version 8.12.10 and a patch that resolve this issue.

Enable RunAsUser

Consider setting the RunAsUser option to reduce the impact of this vulnerability. It is typically considered to be a good security practice to limit the privileges of applications and services whenever possible.
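
The two steps above (upgrade to 8.12.10, set RunAsUser) can be checked with a small script. This is an added example, not code from CERT or Sendmail; it assumes the caller supplies the installed version string and the path to a sendmail.cf-style file, and the sample config lines are constructed.

```sh
#!/bin/sh
# Added example, not CERT or Sendmail code. The caller supplies the version
# string; vendors may ship the fix under an older version number, so
# "needs-upgrade" means "check your vendor's advisory".
FIXED_VERSION="8.12.10"   # release that resolves the issue, per this note

# version_lt A B: succeed if dotted numeric version A is older than B.
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # drop vendor suffixes
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # versions are equal
}

# runasuser_value FILE: print the last active "O RunAsUser=..." value.
# Lines beginning with "#" are comments in sendmail.cf and do not match.
runasuser_value() {
    sed -n '/^O[[:space:]]*RunAsUser[[:space:]]*=/{
        s/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//; p
    }' "$1" | tail -n 1
}

# audit VERSION CF_FILE: print one finding line for each check.
audit() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "version: $1 needs-upgrade (fixed in $FIXED_VERSION)"
    else
        echo "version: $1 ok"
    fi
    user=$(runasuser_value "$2")
    case ${user%%:*} in
        ''|root|0) echo "runasuser: not-restricted" ;;
        *)         echo "runasuser: $user" ;;
    esac
}

# Constructed sample: a config fragment with RunAsUser left commented out.
sample_cf=$(mktemp)
printf '%s\n' 'O QueueDirectory=/var/spool/mqueue' '#O RunAsUser' > "$sample_cf"
audit "8.12.9" "$sample_cf"
```

A "not-restricted" result covers an unset option as well as an explicit root or uid 0 value.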

Systems Affected

Vendor | Status | Date Notified | Date Updated
Apple Computer Inc. | Affected | 17 Sep 2003 | 25 Sep 2003
Conectiva | Affected | 17 Sep 2003 | 18 Sep 2003
Debian | Affected | 17 Sep 2003 | 18 Sep 2003
FreeBSD | Affected | 17 Sep 2003 | 25 Sep 2003
Gentoo Linux | Affected | - | 18 Sep 2003
Hewlett-Packard Company | Affected | 17 Sep 2003 | 24 Sep 2003
IBM | Affected | 17 Sep 2003 | 18 Sep 2003
IBM eServer | Affected | 17 Sep 2003 | 24 Sep 2003
MandrakeSoft | Affected | 17 Sep 2003 | 18 Sep 2003
NetBSD | Affected | 17 Sep 2003 | 17 Sep 2003
OpenPKG | Affected | - | 24 Sep 2003
Red Hat Inc. | Affected | 17 Sep 2003 | 18 Sep 2003
Secure Computing Corporation | Affected | - | 24 Sep 2003
Sendmail Inc. | Affected | - | 18 Sep 2003
SGI | Affected | 17 Sep 2003 | 29 Sep 2003

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

Credit

This vulnerability was discovered by Michal Zalewski.

This document was written by Art Manion.

Other Information

  • CVE IDs: CAN-2003-0694
  • CERT Advisory: CA-2003-25
  • Date Public: 17 Sep 2003
  • Date First Published: 17 Sep 2003
  • Date Last Updated: 29 Sep 2003
  • Severity Metric: 36.72
  • Document Revision: 20
