SecurityTracker.com
Category:   Application (E-mail Server)  >   Sendmail
Vendors:   Sendmail Consortium
Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
SecurityTracker Alert ID:  1007564
SecurityTracker URL:  http://securitytracker.com/id/1007564
CVE Reference:   CVE-2003-0688
Updated:  Aug 26 2003
Original Entry Date:  Aug 25 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 8.12 - 8.12.8
Description:   A vulnerability was reported in certain versions of sendmail when using DNS maps in the sendmail configuration file. A remote user may be able to cause the mail service to crash or (in theory) execute arbitrary code.

Versions 8.12.x prior to version 8.12.9 are affected, but only when using DNS maps in the 'sendmail.cf' file.

It is reported that the dns_parse_reply() function improperly initializes RESOURCE_RECORD_T data structures. If sendmail receives a DNS reply where the reply size is not the reported size of the reply packet, the dns_free_data() function in the 'sm_resolve.c' file will attempt to free random memory addresses. This may cause sendmail to crash. The report indicates that this flaw may in theory allow a remote user to execute arbitrary code, but that is not confirmed in the report.
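
An added example, not sendmail's code and not part of the original advisory: a simplified C model of the pattern described above, in which a record is linked into a list before its fields are initialized, so a reply shorter than it claims sends the cleanup routine over garbage pointers. The `rr_t` type, the packet layout, the `0xA5` poison fill and all function names are assumptions made for the demonstration; the cleanup counts garbage pointers instead of freeing them so the model runs safely.

```c
#include <stdlib.h>
#include <string.h>
#define POISON 0xA5  /* stands in for stale heap contents, so the demo is deterministic */

typedef struct rr {          /* hypothetical record, not sendmail's RESOURCE_RECORD_T */
    char *name;
    struct rr *next;
} rr_t;

static int is_poison(const void *field) {
    unsigned char pat[sizeof(void *)];
    memset(pat, POISON, sizeof pat);
    return memcmp(field, pat, sizeof pat) == 0;
}

/* Cleanup walk: counts never-initialized pointers instead of passing them to free(). */
static int free_list(rr_t *r) {
    int wild = 0;
    while (r != NULL) {
        rr_t *next = NULL;
        if (is_poison(&r->name)) wild++; else free(r->name);
        if (is_poison(&r->next)) wild++; else next = r->next;
        free(r);
        r = next;
    }
    return wild;
}

/* Constructed format: pkt[0] = claimed record count, then (length byte, name bytes)
 * pairs. Returns how many garbage pointers cleanup would have handed to free(). */
int wild_frees(const unsigned char *pkt, size_t len, int zero_init) {
    rr_t *head = NULL, **tail = &head;
    size_t off = 1;
    for (unsigned i = 0; len > 0 && i < pkt[0]; i++) {
        rr_t *r = malloc(sizeof *r);
        if (r == NULL) break;
        memset(r, POISON, sizeof *r);            /* model of dirty malloc memory */
        if (zero_init) memset(r, 0, sizeof *r);  /* the hardening: initialize first */
        *tail = r;                               /* linked before its fields are set */
        tail = &r->next;
        if (off >= len || off + 1 + pkt[off] > len) break;  /* reply shorter than claimed */
        r->next = NULL;
        r->name = malloc((size_t)pkt[off] + 1);
        if (r->name == NULL) break;
        memcpy(r->name, pkt + off + 1, pkt[off]);
        r->name[pkt[off]] = '\0';
        off += 1 + (size_t)pkt[off];
    }
    return free_list(head);
}
```

With `zero_init` set, the half-built record holds only NULL pointers, so the same truncated input is cleaned up without touching memory the parser never allocated.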

Oleg Bulyzhin is credited with reporting this flaw.

Impact:   A remote user may be able to return a DNS reply to sendmail that will cause the mail service to crash or, in theory, execute arbitrary code.
Solution:   According to the vendor, the flaw was fixed in version 8.12.9 and was not reported as a security fix because, at the time, it was not considered to be security relevant. The vendor now strongly recommends that you upgrade or apply the patch available at:

http://www.sendmail.org/dnsmap1.html

Vendor URL:  www.sendmail.org/dnsmap1.html
Cause:   Resource error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 26 2003 (SGI Issues Fix) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
SGI has released a fix.
Aug 26 2003 (OpenBSD Issues Fix) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
OpenBSD has released a fix.
Aug 26 2003 (Mandrake Issues Fix) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
Mandrake has released a fix.
Aug 26 2003 (SuSE Issues Fix) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
SuSE has released a fix.
Aug 26 2003 (FreeBSD Issues Fix) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
FreeBSD has released a fix.
Aug 28 2003 (Red Hat Issues Fix) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
Red Hat has released a fix.
Sep 11 2003 (HP Issues Fix for Tru64 Internet Express) Sendmail DNS Map Initialization Flaw May Let Remote Users Crash the System
HP has released a temporary patch for Internet Express (which includes sendmail) on HP Tru64 UNIX.



 Source Message Contents

Subject:  http://www.sendmail.org/dnsmap1.html


 > DNS map problem in 8.12.x before 8.12.9
 > There is a potential problem in sendmail 8.12.8 and earlier sendmail 8.12.x
 > versions with respect to DNS maps. The bug did not exist in versions before
 > 8.12 as the DNS map type is new to 8.12. The bug was fixed in 8.12.9,
 > released March 29, 2003 but not labeled as a security fix as it wasn't
 > believed to be a security bug:
 >
 >
 >         Properly initialize data structure for dns maps to avoid various
 >                 errors, e.g., looping processes.  Problem noted by
 >                 Maurice Makaay of InterNLnet B.V.
 >
 > Note that only FEATURE(`enhdnsbl') uses a DNS map. We do not have an assessment
 > whether this problem is exploitable, however, if you use a DNS map and an 8.12
 > version older than 8.12.9, then either upgrade (strongly recommended) or apply
 > the trivial patch given below.
 >
 > This problem has been reported to FreeBSD by Oleg Bulyzhin

http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/54367




 
 

