DNS: Malformed DNS TXT Record
This signature detects attempts to send a malformed TXT reply from a server back to a requesting client. Some Sendmail versions are vulnerable. When this signature is matched, the replying server is probably hostile or compromised.
Extended Description
Sendmail is a freely available, open source mail transport agent. It is available for most Unix and Linux operating systems. A buffer overflow in the DNS handling code of Sendmail has been discovered. Sendmail attempting to map an address using a TXT query type does not properly check bounds on data returned from the nameserver. Because of this, a malicious nameserver could send a string of arbitrary length to the mail server, resulting in a buffer overflow, and potential code execution. The Sendmail Consortium has stated that the possibility of exploitation is relatively low, as there are no known configurations that use this DNS map option.
Affected Products
Sun solaris
Short Name
DNS:EXPLOIT:MAL-TXT-REC
Severity
Minor
Recommended
False
Recommended Action
None
Category
DNS
Keywords
CVE-2002-0906 DNS Malformed Record TXT bid:5122
Release Date
03/24/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Occasionally
Vendors
Sun
Sendmail_consortium
CVSS Score
7.5