SMTP: Sendmail Oversized Address Comment (2)
TThis signature detects attempts to exploit a known vulnerability in Sendmail. Sendmail versions 5.79 to 8.12.7 are vulnerable. Attackers can include multiple empty address containers in a SMTP header field to overflow the SMTP header buffer and force Sendmail to execute arbitrary code on the host.
Extended Description
Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally exploitable if the sendmail binary is setuid/setgid. Sendmail 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or to apply patches to earlier versions of the 8.12.x tree.
Affected Products
Sun lx50,Freebsd freebsd
Short Name
SMTP:OVERFLOW:SENDMAIL-CMT-OF2
Severity
Critical
Recommended
False
Recommended Action
None
Category
SMTP
Keywords
(2) Address CA-2003-07 CVE-2002-1337 Comment Oversized Sendmail bid:6991
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Rarely
Vendors
Wind_river_systems
Sco
Sendmail,_inc
Gentoo
Sun
Hp
Sgi
Freebsd
Sendmail_consortium
Netbsd
Ibm
CVSS Score
10.0