Vulnerability: Sendmail DNS Map TXT Record Buffer Overflow

  1. #1
    s0nIc

    Sendmail is a freely available, open source mail transport agent. It is available for most Unix and Linux operating systems.

    A buffer overflow in the DNS handling code of Sendmail has been discovered. Sendmail attempting to map an address using a TXT query type does not properly check bounds on data returned from the nameserver. Because of this, a malicious nameserver could send a string of arbitrary length to the mail server, resulting in a buffer overflow, and potential code execution.

    The Sendmail Consortium has stated that the possibility of exploitation is relatively low, as there are no known configurations that use this DNS map option.

    Remote: Yes

    Exploit: No

    Solution: Fixes are available.


    Sendmail Consortium Sendmail 8.11:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.11.1:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.11.2:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.11.3:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.11.4:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.11.5:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.11.6:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.12:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.12.1:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.12.2:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.12.3:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz

    Sendmail Consortium Sendmail 8.12.4:

    Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/....8.12.5.tar.gz
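
The bounds check the advisory says was missing, as an added example (not part of the original post and not Sendmail's code): TXT record data is a run of length-prefixed strings, and both the length octet and the record length are supplied by the remote nameserver. The function name `txt_rdata_copy` and the sample records are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Sendmail code. TXT RDATA is a sequence of
 * <character-string>s (RFC 1035): one length octet, then that many bytes.
 * Every length is checked against what the record really holds and against
 * the space left in dst before anything is copied.
 * Returns bytes written (without the NUL), or -1 and an empty dst. */
int txt_rdata_copy(const unsigned char *rdata, size_t rdlen,
                   char *dst, size_t dstsize)
{
    size_t in = 0, out = 0;

    if (rdata == NULL || dst == NULL || dstsize == 0 || rdlen > 65535)
        return -1;                     /* RDLENGTH is a 16-bit field */
    dst[0] = '\0';
    while (in < rdlen) {
        size_t seg = rdata[in++];      /* nameserver-controlled, 0..255 */
        if (seg > rdlen - in ||        /* claims more than the record holds */
            seg > dstsize - 1 - out) { /* would overrun dst or its NUL */
            dst[0] = '\0';
            return -1;
        }
        memcpy(dst + out, rdata + in, seg);
        in += seg;
        out += seg;
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void)
{
    /* Constructed sample records, not captured traffic. */
    static const unsigned char ok[] = {5,'h','e','l','l','o',5,'w','o','r','l','d'};
    static const unsigned char lying[] = {16,'a','b','c'}; /* length octet too big */
    char big[32], small[8];

    printf("well-formed: %d\n", txt_rdata_copy(ok, sizeof ok, big, sizeof big));
    printf("bad length:  %d\n", txt_rdata_copy(lying, sizeof lying, big, sizeof big));
    printf("small dst:   %d\n", txt_rdata_copy(ok, sizeof ok, small, sizeof small));
    return 0;
}
```

A record is rejected as a whole rather than truncated, so a caller never acts on a partial value.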

  2. #2
    souleman
    Gee, there's a big surprise. Sendmail with a hole in it? That's like saying Microsoft screwed up again...

    Umm, did you find this exploit? Please give credit where it is due.... state your sources.. or did you get it direct from sendmail?
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
