Signature Detail
Short Name |
SMTP:OVERFLOW:SENDMAIL-CMT-OF1 |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
Sendmail Oversized Address Comment (1) |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMTP: Sendmail Oversized Address Comment (1)
This signature detects attempts to exploit a known vulnerability in Sendmail. Sendmail versions 5.79 to 8.12.7 are vulnerable. Attackers can include multiple empty address containers in a SMTP header field to overflow the SMTP header buffer and force Sendmail to execute arbitrary code on the host; attackers can obtain root access.
Extended Description
Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. Sendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree.
Affected Products
- FreeBSD 4.6.0
- FreeBSD 4.7.0
- FreeBSD 5.0.0
- Gentoo Linux 1.4.0 _rc1
- Gentoo Linux 1.4.0 _rc2
- HP AlphaServer SC
- HP HP-UX 10.10.0
- HP HP-UX 10.20.0
- HP HP-UX 11.0.0
- HP HP-UX 11.0.0 4
- HP HP-UX 11.11.0
- HP HP-UX 11.22.0
- HP HP-UX B.11.00
- HP HP-UX B.11.04
- HP HP-UX B.11.11
- HP HP-UX B.11.22
- HP HP-UX (VVOS) 11.0.0 4
- HP MPE/iX 6.5.0
- IBM MVS
- IBM OS/390 V2R10
- IBM OS/390 V2R8
- IBM z/OS V1R2
- IBM z/OS V1R4
- NetBSD 1.5.0
- NetBSD 1.5.1
- NetBSD 1.5.2
- NetBSD 1.5.3
- NetBSD 1.6.0
- SCO Open UNIX 8.0.0
- SCO Unixware 7.1.1
- SCO Unixware 7.1.3
- Sendmail Consortium Sendmail 5.59.0
- Sendmail Consortium Sendmail 5.61.0
- Sendmail Consortium Sendmail 5.65.0
- Sendmail Consortium Sendmail 8.10.0
- Sendmail Consortium Sendmail 8.10.1
- Sendmail Consortium Sendmail 8.10.2
- Sendmail Consortium Sendmail 8.11.0
- Sendmail Consortium Sendmail 8.11.1
- Sendmail Consortium Sendmail 8.11.2
- Sendmail Consortium Sendmail 8.11.3
- Sendmail Consortium Sendmail 8.11.4
- Sendmail Consortium Sendmail 8.11.5
- Sendmail Consortium Sendmail 8.11.6
- Sendmail Consortium Sendmail 8.12.0 .0
- Sendmail Consortium Sendmail 8.12.0 Beta10
- Sendmail Consortium Sendmail 8.12.0 Beta12
- Sendmail Consortium Sendmail 8.12.0 Beta16
- Sendmail Consortium Sendmail 8.12.0 Beta5
- Sendmail Consortium Sendmail 8.12.0 Beta7
- Sendmail Consortium Sendmail 8.12.1
- Sendmail Consortium Sendmail 8.12.2
- Sendmail Consortium Sendmail 8.12.3
- Sendmail Consortium Sendmail 8.12.4
- Sendmail Consortium Sendmail 8.12.5
- Sendmail Consortium Sendmail 8.12.6
- Sendmail Consortium Sendmail 8.12.7
- Sendmail Consortium Sendmail 8.8.8
- Sendmail Consortium Sendmail 8.9.0 .0
- Sendmail Consortium Sendmail 8.9.1
- Sendmail Consortium Sendmail 8.9.2
- Sendmail Consortium Sendmail 8.9.3
- Sendmail Consortium Sendmail for NT 2.6.0
- Sendmail Consortium Sendmail for NT 2.6.1
- Sendmail Consortium Sendmail for NT 3.0.0
- Sendmail Consortium Sendmail for NT 3.0.1
- Sendmail Consortium Sendmail for NT 3.0.2
- Sendmail Consortium Sendmail Switch 2.1.0
- Sendmail Consortium Sendmail Switch 2.1.1
- Sendmail Consortium Sendmail Switch 2.1.2
- Sendmail Consortium Sendmail Switch 2.1.3
- Sendmail Consortium Sendmail Switch 2.1.4
- Sendmail Consortium Sendmail Switch 2.2.0
- Sendmail Consortium Sendmail Switch 2.2.1
- Sendmail Consortium Sendmail Switch 2.2.2
- Sendmail Consortium Sendmail Switch 2.2.3
- Sendmail Consortium Sendmail Switch 2.2.4
- Sendmail Consortium Sendmail Switch 3.0.0
- Sendmail Consortium Sendmail Switch 3.0.1
- Sendmail Consortium Sendmail Switch 3.0.2
- Sendmail, Inc Sendmail Advanced Message Server 1.2.0
- Sendmail, Inc Sendmail Advanced Message Server 1.3.0
- Sendmail, Inc Sendmail for NT 2.6.0
- Sendmail, Inc Sendmail for NT 2.6.1
- Sendmail, Inc Sendmail for NT 3.0.0
- Sendmail, Inc Sendmail for NT 3.0.1
- Sendmail, Inc Sendmail for NT 3.0.2
- Sendmail, Inc Sendmail Switch 2.1.0
- Sendmail, Inc Sendmail Switch 2.1.1
- Sendmail, Inc Sendmail Switch 2.1.2
- Sendmail, Inc Sendmail Switch 2.1.3
- Sendmail, Inc Sendmail Switch 2.1.4
- Sendmail, Inc Sendmail Switch 2.2.0
- Sendmail, Inc Sendmail Switch 2.2.1
- Sendmail, Inc Sendmail Switch 2.2.2
- Sendmail, Inc Sendmail Switch 2.2.3
- Sendmail, Inc Sendmail Switch 2.2.4
- Sendmail, Inc Sendmail Switch 3.0.0
- Sendmail, Inc Sendmail Switch 3.0.1
- Sendmail, Inc Sendmail Switch 3.0.2
- SGI Freeware 1.0.0
- SGI IRIX 6.5.0
- SGI IRIX 6.5.1
- SGI IRIX 6.5.10
- SGI IRIX 6.5.11
- SGI IRIX 6.5.12
- SGI IRIX 6.5.13
- SGI IRIX 6.5.14
- SGI IRIX 6.5.15
- SGI IRIX 6.5.16
- SGI IRIX 6.5.17
- SGI IRIX 6.5.18
- SGI IRIX 6.5.19
- SGI IRIX 6.5.2
- SGI IRIX 6.5.3
- SGI IRIX 6.5.4
- SGI IRIX 6.5.5
- SGI IRIX 6.5.6
- SGI IRIX 6.5.7
- SGI IRIX 6.5.8
- SGI IRIX 6.5.9
- Sun Cobalt CacheRaQ 4
- Sun Cobalt ManageRaQ3 3000R-mr
- Sun Cobalt Qube 3
- Sun Cobalt RaQ 3
- Sun Cobalt RaQ 4
- Sun Cobalt RaQ 550
- Sun Cobalt RaQ XTR
- Sun LX50
- Sun Solaris 2.6
- Sun Solaris 2.6_x86
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
- Sun Solaris 8 Sparc
- Sun Solaris 8 X86
- Sun Solaris 9 Sparc
- Sun Solaris 9 X86
- Wind River Systems BSD/OS 4.2.0
- Wind River Systems BSD/OS 4.3.1
- Wind River Systems BSD/OS 5.0.0
- Wind River Systems Platform SA 1.0.0
References
- BugTraq: 6991
- CERT: CA-2003-07
- CVE: CVE-2002-1337
- URL: http://www.securityfocus.com/archive/1/313757