SecurityTracker.com
Category:   Application (E-mail Server)  >   Sendmail
Vendors:   Sendmail Consortium
Sendmail Ruleset Buffer Overflow Has Unspecified Impact
SecurityTracker Alert ID:  1007737
SecurityTracker URL:  http://securitytracker.com/id/1007737
CVE Reference:   CVE-2003-0681
Date:  Sep 18 2003
Impact:   Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.12.9 and prior versions
Description:   A buffer overflow vulnerability was reported in Sendmail in certain non-default configurations. The impact was not reported.

It is reported that if non-standard recipient (2), final (4), or mailer-specific envelope rulesets are enabled, a potential buffer overflow may occur. The overflow reportedly exists in the ruleset parsing process.

The default configuration is reportedly not vulnerable.

Timo Sirainen is credited with reporting this flaw.

Impact:   The impact was not disclosed.
Solution:   The vendor has issued a fixed version (8.12.10), available at:

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.gz.sig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.Z.sig

The following patch is also available:

http://sendmail.org/parse8.359.2.8.html

Vendor URL:  www.sendmail.org/8.12.10.html
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 18 2003 (Debian Issues Fix) Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Debian has released a fix.
Sep 18 2003 (Red Hat Issues Fix) Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Red Hat has released a fix for Red Hat Linux.
Sep 18 2003 (Slackware Issues Fix) Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Slackware has released a fix.
Sep 18 2003 (Immunix Issues Fix) Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Immunix has released a fix.
Sep 18 2003 (Conectiva Issues Fix) Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Conectiva has released a fix.
Sep 19 2003 (Gentoo Issues Fix) Re: Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Gentoo has issued a fix.
Sep 23 2003 (Apple Issues Fix) Sendmail Ruleset Buffer Overflow Has Unspecified Impact
Apple has released a fix.



 Source Message Contents

Subject:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0681


 > CAN-2003-0681 (under review)
 > A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using
 > the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope
 > recipients, has unknown consequences.



 
 



Copyright 2021, SecurityGlobal.net LLC