Secure Computing Network Security Division Information for VU#146718
Sendmail fails to handle malformed multipart MIME messages
- Vendor Information Help Date Notified: 09 May 2006
- Statement Date: 21 Jun 2006
- Date Updated: 21 Jun 2006
Sidewinder G2 Security Appliance
The standard defensive coding and configuration practices used on the Sidewinder G2 Security Appliance preve
nt this attack from interrupting the flow of mail through the system. In a standard configuration, attack m
essages will be rejected as invalid without causing an abnormal termination of sendmail. Due to the defensi
ve design of the system, even if an attack message were able to cause an instance of sendmail to terminate,
it would not prevent other messages from being delivered.
As a matter of best practices and defense in depth, the sendmail update will be included in a future patch.
Cyberguard Classic & TSP
Cyberguard Class and TSP do not make use of sendmail for mail delivery.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.