Vulnerability Note VU#814627

Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records

Original Release date: 28 Jun 2002 | Last revised: 20 Dec 2004

Overview

A remotely exploitable buffer overflow exists in Sendmail, versions 8.12.0 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS.

Description

The buffer overflow occurs in the portion of code that process responses from DNS servers. Please note that the Sendmail Consortium has indicated that this vulnerability is not present in the standard Sendmail distribution because the option that can trigger the exposure is not enabled. For more details, please see the Sendmail announcement.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the Sendmail daemon, typically root. Note that there is no known exploit for this vulnerability.

Solution

Upgrade to Sendmail 8.12.5 or apply the appropriate vendor-supplied patch.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected-20 Dec 2004
SendmailAffected-28 Jun 2002
Sun Microsystems Inc.Affected-20 Dec 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

The CERT/CC thanks Eric Allman and Gregory Shapiro for helping us construct this document.

This document was written by Ian A Finlay and Jeffrey Havrilla.

Other Information

  • CVE IDs: CVE-2002-0906
  • Date Public: 25 Jun 2002
  • Date First Published: 28 Jun 2002
  • Date Last Updated: 20 Dec 2004
  • Severity Metric: 28.35
  • Document Revision: 31

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.