From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Aug 26 2003 - 05:29:53 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Sendmail DNS Map Uninitialised Structure Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9602/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Sendmail 8.x

DESCRIPTION:
A vulnerability has been identified in Sendmail, which can be
exploited by malicious people to cause a DoS (Denial of Service) on a
vulnerable system or potentially compromise it.

The vulnerability is caused due to the use of an uninitialised
structure when DNS maps are used. This can be exploited by sending a
specially crafted DNS reply to an affected system, which may cause it
to crash and potentially allow execution of arbitrary code.

The vulnerability affects version 8.12.8 and prior 8.12.x versions.

SOLUTION:
Update to version 8.12.9 or apply patch.

Sendmail 8.12.9:
http://www.sendmail.org/8.12.9.html

Patch:
http://www.sendmail.org/sm_resolve.c.p1

REPORTED BY / CREDITS:
Oleg Bulyzhin

ORIGINAL ADVISORY:
http://www.sendmail.org/dnsmap1.html

OTHER REFERENCES:
CERT advisory:
http://www.kb.cert.org/vuls/id/993452

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]