J-Security Center

Title: Sendmail Ruleset Parsing Buffer Overflow Vulnerability

Severity: MODERATE

Description:

Sendmail is a widely used MTA for UNIX and Microsoft Windows systems.

Sendmail has been reported prone to a buffer-overflow issue when parsing nonstandard rulesets.

An attacker may trigger a buffer overflow in Sendmail when the application parses specific rulesets. Nonstandard rulesets recipient(2), final(4) and mailer-specific envelope recipient may be used as an attack vector to trigger this vulnerability.

Note that Sendmail under a default configuration is not vulnerable to this issue.

It is not currently known if this vulnerability may be exploited to execute arbitrary code. However, given the nature of this vulnerability, an attacker might be able to execute arbitrary code in the context of the affected Sendmail server, but this has not been confirmed.

It is not currently known if this vulnerability is exploitable only locally.

No further technical details are currently available. We will update this BID as more information emerges.

Affected Products:

  • Apple Mac OS X 10.2.0
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X 10.2.5
  • Apple Mac OS X 10.2.6
  • Apple Mac OS X Server 10.2.0
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.4
  • Apple Mac OS X Server 10.2.5
  • Apple Mac OS X Server 10.2.6
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Compaq Tru64 4.0.0 f
  • Compaq Tru64 4.0.0 f PK6 (BL17)
  • Compaq Tru64 4.0.0 f PK7 (BL18)
  • Compaq Tru64 4.0.0 g
  • Compaq Tru64 4.0.0 g PK3 (BL17)
  • Compaq Tru64 4.0.0f PK8 (BL22)
  • Compaq Tru64 4.0.0g PK4 (BL22)
  • Compaq Tru64 5.0.0 a
  • Compaq Tru64 5.0.0 a PK3 (BL17)
  • Compaq Tru64 5.1.0
  • Compaq Tru64 5.1.0 B
  • Compaq Tru64 5.1.0 PK3 (BL17)
  • Compaq Tru64 5.1.0 PK4 (BL18)
  • Compaq Tru64 5.1.0 PK5 (BL19)
  • Compaq Tru64 5.1.0 PK6 (BL20)
  • Compaq Tru64 5.1.0 a
  • Compaq Tru64 5.1.0 a PK1 (BL1)
  • Compaq Tru64 5.1.0 a PK2 (BL2)
  • Compaq Tru64 5.1.0 a PK3 (BL3)
  • Compaq Tru64 5.1.0 a PK4 (BL21)
  • Compaq Tru64 5.1.0 a PK5 (BL23)
  • Compaq Tru64 5.1.0 b PK1 (BL1)
  • Compaq Tru64 5.1.0 b PK2 (BL22)
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux 9.0.0
  • Conectiva Linux Enterprise Edition 1.0.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 IA-32
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • FreeBSD FreeBSD 4.4.0
  • FreeBSD FreeBSD 4.5.0
  • FreeBSD FreeBSD 4.5.0 -RELEASE
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.7.0
  • FreeBSD FreeBSD 5.0.0
  • Gentoo Linux 0.5.0
  • Gentoo Linux 0.7.0
  • Gentoo Linux 1.1.0a
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0 _rc1
  • Gentoo Linux 1.4.0 _rc2
  • Gentoo Linux 1.4.0 _rc3
  • HP AlphaServer SC
  • HP AltaVista Firewall AVFW98
  • HP AltaVista Firewall Raptor EC
  • HP HP-UX (VVOS) 11.0.0 4
  • HP HP-UX 10.10.0
  • HP HP-UX 10.20.0
  • HP HP-UX 11.0.0
  • HP HP-UX 11.0.0 4
  • HP HP-UX 11.11.0
  • HP HP-UX 11.22.0
  • HP HP-UX 11.23.0
  • HP HP-UX B.11.00
  • HP HP-UX B.11.04
  • HP HP-UX B.11.11
  • HP HP-UX B.11.11
  • HP HP-UX B.11.22
  • HP HP-UX B.11.23
  • HP Internet Express 5.4.0
  • HP Internet Express 5.7.0
  • HP Internet Express 5.8.0
  • HP Internet Express 5.9.0
  • HP Internet Express 6.0.0
  • HP MPE/iX 7.0.0
  • HP MPE/iX 7.5.0
  • HP NonStop-UX PUMA
  • HP NonStop-UX Whitney
  • IBM AIX 4.3.3
  • IBM AIX 5.1.0
  • IBM AIX 5.2
  • Immunix Immunix OS 7.0.0
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • NetBSD NetBSD 1.4.3
  • NetBSD NetBSD 1.5.0
  • NetBSD NetBSD 1.5.0 sh3
  • NetBSD NetBSD 1.5.0 x86
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5.2
  • NetBSD NetBSD 1.5.3
  • NetBSD NetBSD 1.6.0
  • NetBSD NetBSD 1.6.0 Beta
  • NetBSD NetBSD 1.6.1
  • OpenBSD OpenBSD 3.1
  • OpenBSD OpenBSD 3.2
  • OpenBSD OpenBSD 3.3
  • OpenPKG OpenPKG 1.2.0
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.0.0 sparc
  • RedHat Linux 7.1.0
  • RedHat Linux 7.1.0 alpha
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 ia64
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 8.0.0 i386
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.0.0 i386
  • S.u.S.E. Linux 8.1.0
  • SCO Open Server 5.0.4
  • SCO Open Server 5.0.5
  • SCO Open Server 5.0.6
  • SCO Open Server 5.0.6 a
  • SGI IRIX 6.5.0
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5.10f
  • SGI IRIX 6.5.10m
  • SGI IRIX 6.5.11f
  • SGI IRIX 6.5.11m
  • SGI IRIX 6.5.12 f
  • SGI IRIX 6.5.12 m
  • SGI IRIX 6.5.13 f
  • SGI IRIX 6.5.13 m
  • SGI IRIX 6.5.14 f
  • SGI IRIX 6.5.14 m
  • SGI IRIX 6.5.15f
  • SGI IRIX 6.5.15m
  • SGI IRIX 6.5.16f
  • SGI IRIX 6.5.16m
  • SGI IRIX 6.5.17f
  • SGI IRIX 6.5.17m
  • SGI IRIX 6.5.18f
  • SGI IRIX 6.5.18m
  • SGI IRIX 6.5.19
  • SGI IRIX 6.5.2
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.7f
  • SGI IRIX 6.5.7m
  • SGI IRIX 6.5.8
  • SGI IRIX 6.5.8f
  • SGI IRIX 6.5.8m
  • SGI IRIX 6.5.9f
  • SGI IRIX 6.5.9m
  • SOTLinux SOTLinux 2003 Desktop 0.0.0
  • SOTLinux SOTLinux 2003 Server 0.0.0
  • Sendmail Consortium Sendmail 8.10.0
  • Sendmail Consortium Sendmail 8.10.1
  • Sendmail Consortium Sendmail 8.10.2
  • Sendmail Consortium Sendmail 8.11.0
  • Sendmail Consortium Sendmail 8.11.1
  • Sendmail Consortium Sendmail 8.11.2
  • Sendmail Consortium Sendmail 8.11.3
  • Sendmail Consortium Sendmail 8.11.4
  • Sendmail Consortium Sendmail 8.11.5
  • Sendmail Consortium Sendmail 8.11.6
  • Sendmail Consortium Sendmail 8.12.0 .0
  • Sendmail Consortium Sendmail 8.12.0 beta10
  • Sendmail Consortium Sendmail 8.12.0 beta12
  • Sendmail Consortium Sendmail 8.12.0 beta16
  • Sendmail Consortium Sendmail 8.12.0 beta5
  • Sendmail Consortium Sendmail 8.12.0 beta7
  • Sendmail Consortium Sendmail 8.12.1
  • Sendmail Consortium Sendmail 8.12.2
  • Sendmail Consortium Sendmail 8.12.3
  • Sendmail Consortium Sendmail 8.12.4
  • Sendmail Consortium Sendmail 8.12.5
  • Sendmail Consortium Sendmail 8.12.6
  • Sendmail Consortium Sendmail 8.12.7
  • Sendmail Consortium Sendmail 8.12.8
  • Sendmail Consortium Sendmail 8.12.9
  • Sendmail Consortium Sendmail 8.8.8
  • Sendmail Consortium Sendmail 8.9.0.0
  • Sendmail Consortium Sendmail 8.9.1
  • Sendmail Consortium Sendmail 8.9.2
  • Sendmail Consortium Sendmail 8.9.3
  • Sendmail Inc Sendmail Advanced Message Server 1.2.0
  • Sendmail Inc Sendmail Advanced Message Server 1.3.0
  • Sendmail Inc Sendmail Pro 8.9.2
  • Sendmail Inc Sendmail Pro 8.9.3
  • Sendmail Inc Sendmail Switch 2.1.0
  • Sendmail Inc Sendmail Switch 2.1.1
  • Sendmail Inc Sendmail Switch 2.1.2
  • Sendmail Inc Sendmail Switch 2.1.3
  • Sendmail Inc Sendmail Switch 2.1.4
  • Sendmail Inc Sendmail Switch 2.1.5
  • Sendmail Inc Sendmail Switch 2.2.0
  • Sendmail Inc Sendmail Switch 2.2.1
  • Sendmail Inc Sendmail Switch 2.2.2
  • Sendmail Inc Sendmail Switch 2.2.3
  • Sendmail Inc Sendmail Switch 2.2.4
  • Sendmail Inc Sendmail Switch 2.2.5
  • Sendmail Inc Sendmail Switch 3.0.0
  • Sendmail Inc Sendmail Switch 3.0.1
  • Sendmail Inc Sendmail Switch 3.0.2
  • Sendmail Inc Sendmail Switch 3.0.3
  • Sendmail Inc Sendmail for NT 2.6.0
  • Sendmail Inc Sendmail for NT 2.6.1
  • Sendmail Inc Sendmail for NT 2.6.2
  • Sendmail Inc Sendmail for NT 3.0.0
  • Sendmail Inc Sendmail for NT 3.0.1
  • Sendmail Inc Sendmail for NT 3.0.2
  • Sendmail Inc Sendmail for NT 3.0.3
  • Slackware Linux -current
  • Slackware Linux 8.1.0
  • Slackware Linux 9.0.0
  • Sun Cobalt Qube3 4000WG
  • Sun Cobalt RaQ 4
  • Sun Cobalt RaQ 550
  • Sun Cobalt RaQ XTR
  • Sun Cobalt RaQ XTR 3500R
  • Sun Cobalt RaQ4 3001R
  • Sun Linux 5.0.0
  • Sun Linux 5.0.3
  • Turbolinux Turbolinux Advanced Server 6.0.0
  • Turbolinux Turbolinux Server 6.1.0
  • Turbolinux Turbolinux Server 6.5.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 6.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Yellow Dog Linux 3.0.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.