Sendmail Information for VU#993452
Sendmail fails to appropriately initialize data structures for DNS maps
- Date Notified:
- Statement Date:
- Date Updated: 25 Aug 2003
Please see the vendor statement for VU#993452 at:
The vendor has not provided us with any further information regarding this vulnerability.
Text of statement for VU#993452 follows:
DNS map problem in 8.12.x before 8.12.9
There is a potential problem in sendmail 8.12.8 and earlier sendmail 8.12.x versions with respect to DNS maps. The bug did not exist in versions before 8.12 as the DNS map type is new to 8.12. The bug was fixed in 8.12.9, released March 29, 2003 but not labeled as a security fix as it wasn't believed to be a security bug:
Properly initialize data structure for dns maps to avoid various
errors, e.g., looping processes. Problem noted by
Maurice Makaay of InterNLnet B.V.
Note that only FEATURE(`enhdnsbl') uses a DNS map. We do not have an assessment whether this problem is exploitable; however, if you use a DNS map and an 8.12 version older than 8.12.9, then either upgrade (strongly recommended) or apply the trivial patch given below.
This problem has been reported to FreeBSD by Oleg Bulyzhin, see
Here's a quote from the report:
Use sm_resolve.c coming with sendmail 8.12.9 or use this patch:
--- sm_resolve.c.orig Fri Jun 28 00:43:24 2002
+++ sm_resolve.c Thu Jul 10 01:21:17 2003
@@ -233,6 +233,7 @@
+ memset(*rr, 0, sizeof(**rr));
(*rr)->rr_domain = sm_strdup(host);
if ((*rr)->rr_domain == NULL)
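Review bot: the added memset(*rr, 0, sizeof(**rr)) dereferences *rr, but the allocation of *rr and its NULL check are not in the visible context of this hunk, so confirm the call sits after that check and not between the allocation and the check. The line also carries no comment; a one-line note that the record is zeroed so that members not assigned afterwards never hold stale heap contents would keep it from being removed as redundant in a later cleanup. If the allocation is immediately above, a zeroing allocation at that point would make the initialization impossible to skip on any path that reaches the rr_domain assignment.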
If you have feedback, comments, or additional information about this vulnerability, please send us email.
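A triage check for the condition the statement describes (an 8.12 version older than 8.12.9 combined with a DNS map in use), as an added example that is not part of the vendor statement or of sendmail. The function names and the sample configuration lines are constructed for illustration, and it assumes maps are declared in sendmail.cf as K lines with the map class in the second field.

```shell
#!/bin/sh
# Added example: triage for VU#993452. Function names are hypothetical.
# Input version: e.g. the "Version 8.12.x" value printed by
#   sendmail -d0.1 -bv root

# Exit 0 if the version is 8.12.x with x < 9 (the range the statement names).
version_affected() {
    case "$1" in
        8.12.*) ;;
        *) return 1 ;;
    esac
    patch=${1#8.12.}           # "8", "10", "0.Beta19", ...
    patch=${patch%%[!0-9]*}    # keep the leading digits only
    [ -n "$patch" ] && [ "$patch" -lt 9 ]
}

# Print the name of each map of class "dns" declared in a sendmail.cf.
# Assumes K lines of the form: K<name> <class> <arguments>
dns_maps_in_cf() {
    awk '/^K/ && $2 == "dns" { print substr($1, 2) }' "$1"
}

# usage: triage <version> <path to sendmail.cf>
triage() {
    if ! version_affected "$1"; then
        echo "not-affected-version"
        return 0
    fi
    maps=$(dns_maps_in_cf "$2" | tr '\n' ' ')
    if [ -n "$maps" ]; then
        echo "upgrade-or-patch: dns map(s) ${maps% }"
    else
        echo "affected-version-but-no-dns-map"
    fi
}

# Constructed sample configuration lines (not taken from a real host).
sample=$(mktemp)
printf '%s\n' 'Kaccess hash -T<TMP> /etc/mail/access' \
    'Kednsbl dns -R A -a. -T<TMP> -r5' > "$sample"
triage 8.12.8 "$sample"
triage 8.12.9 "$sample"
rm -f "$sample"
```

A host that applied the patch instead of upgrading still reports a version below 8.12.9, so the check flags it; confirm the patched sm_resolve.c separately in that case.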