Vulnerability Note VU#146718
Sendmail fails to handle malformed multipart MIME messages
Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.
Sendmail is a widely used mail transfer agent (MTA).
Mail Transfer Agents (MTA)
MTAs are responsible for sending and receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.
Sendmail fails to properly handle malformed multipart MIME messages. This vulnerability may be triggered by sending a specially crafted message to a vulnerable Sendmail MTA.
This vulnerability will not cause the Sendmail server process to terminate. However, it may cause the Sendmail to consume a large amount of system resources. Specifically, if a system writes uniquely named core dump files, this vulnerability may cause available disk space to be filled with core dumps leading to a disruption of system operation resulting in a denial-of-service condition.
Additionally, this vulnerability may cause queue runs to abort; if this situation were to occur, processing and delivery of queued messages would be prevented.
This issue is corrected in Sendmail version 8.13.7.
The following workarounds were provided by Sendmail:
Limit message size
Limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option) will mitigate this vulnerability.
Remove stack size limit
If your operating system limits stack size, remove that limit. This will make the attack more difficult to accomplish, as it will require a very large message. Also, by limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option), you can eliminate the attack completely.
Configure your MTA to avoid the negative impacts listed above:
- Disable core dumps.
- Enable the ForkEachJob option at the cost of lower queue run performance and potentially a high number of processes.
- Set QueueSortOrder to random, which will randomize the order jobs are processed. Note that with random queue sorting, the bad message will still be processed and the queue run aborted every time, but at a different, random spot.
If you are a vendor and your product is affected, let
us know.View More »
|Vendor||Status||Date Notified||Date Updated|
|FreeBSD, Inc.||Affected||09 May 2006||14 Jun 2006|
|Gentoo Linux||Affected||09 May 2006||15 Jun 2006|
|IBM Corporation||Affected||09 May 2006||14 Jun 2006|
|NetBSD||Affected||09 May 2006||15 Jun 2006|
|Red Hat, Inc.||Affected||09 May 2006||14 Jun 2006|
|Sendmail Consortium||Affected||08 May 2006||14 Jun 2006|
|Sendmail, Inc.||Affected||-||14 Jun 2006|
|Sun Microsystems, Inc.||Affected||09 May 2006||14 Jun 2006|
|Borderware Technologies||Not Affected||09 May 2006||25 May 2006|
|B.U.G., Inc||Not Affected||-||13 Jun 2006|
|Century Systems Inc.||Not Affected||-||13 Jun 2006|
|Check Point Software Technologies||Not Affected||09 May 2006||27 Jun 2006|
|F5 Networks, Inc.||Not Affected||09 May 2006||15 May 2006|
|Force10 Networks, Inc.||Not Affected||09 May 2006||22 Jul 2011|
|Foundry Networks, Inc.||Not Affected||09 May 2006||14 Jun 2006|
This vulnerability was reported by Sendmail.
This document was written by Jeff Gennari based on information from Sendmail.
14 Jun 2006
Date First Published:
15 Jun 2006
Date Last Updated:
22 Jul 2011
If you have feedback, comments, or additional information about this vulnerability, please send us email.