|
|
|
 |
Vulnerability Note VU#814627Sendmail vulnerable to buffer overflow when DNS map is specified using TXT recordsOverviewA remotely exploitable buffer overflow exists in Sendmail, versions 8.12.0 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS.I. DescriptionThe buffer overflow occurs in the portion of code that process responses from DNS servers. Please note that the Sendmail Consortium has indicated that this vulnerability is not present in the standard Sendmail distribution because the option that can trigger the exposure is not enabled. For more details, please see the Sendmail announcement.II. ImpactA remote attacker may be able to execute arbitrary code with the privileges of the Sendmail daemon, typically root. Note that there is no known exploit for this vulnerability.III. SolutionUpgrade to Sendmail 8.12.5 or apply the appropriate vendor-supplied patch.Systems Affected
References
The CERT/CC thanks Eric Allman and Gregory Shapiro for helping us construct this document. This document was written by Ian A Finlay and Jeffrey Havrilla.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||
Get Adobe Reader