Secure Computing Network Security Division Information for VU#146718

Sendmail fails to handle malformed multipart MIME messages

Status

Not Affected

Vendor Statement

Sidewinder G2 Security Appliance

Not Vulnerable

The standard defensive coding and configuration practices used on the Sidewinder G2 Security Appliance preve
nt this attack from interrupting the flow of mail through the system. In a standard configuration, attack m
essages will be rejected as invalid without causing an abnormal termination of sendmail. Due to the defensi
ve design of the system, even if an attack message were able to cause an instance of sendmail to terminate,
it would not prevent other messages from being delivered.

As a matter of best practices and defense in depth, the sendmail update will be included in a future patch.

Cyberguard Classic & TSP

Not Vulnerable

Cyberguard Class and TSP do not make use of sendmail for mail delivery.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.