Sendmail Information for VU#803539

Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflows

Status

Affected

Vendor Statement

Sendmail uses the BIND resolver API, and is commonly linked with the BIND resolver library (libbind). As a result, Sendmail could be leveraged to exploit this vulnerability.

The custom DNS map TXT record handling issue that was fixed in Sendmail 8.12.5 is a different issue, which is described in VU#814627. The default configuration of Sendmail is not vulnerable to VU#814627.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.