Security Forums
Log in
FAQ
| Search
| Usergroups
| Profile
| Register
| RSS
| Posting Guidelines
| Recent Posts
View previous topic :: View next topic
Author
Message
sambeckett Just Arrived Joined: 14 Nov 2002 Posts: 0
Posted: Mon Mar 03, 2003 8:10 pm Post subject: Remote Sendmail Header Processing Vulnerability
Synopsis:
ISS X-Force has discovered a buffer overflow vulnerability in the Sendmail Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been documented to handle between 50% and 75% of all Internet email traffic.
Impact:
Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. Sendmail and all other email servers are typically exposed to the Internet in order to send and receive Internet email. Vulnerable Sendmail servers will not be protected by legacy security devices such as firewalls and/or packet filters. This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn't need any specific knowledge of the target to launch a successful attack.
http://www.issadvisor.com/viewtopic.php?t=162
Back to top
Jason Forum Fanatic Joined: 19 Sep 2002 Posts: 16777215
Posted: Mon Mar 03, 2003 9:39 pm Post subject:
Is there a publicly available exploit?
Back to top
chris Forum Fanatic Joined: 18 Apr 2002 Posts: 16777201 Location: ~/security-forums
Posted: Mon Mar 03, 2003 9:49 pm Post subject:
Sendmail versions from 5.79 to 8.12.7 are vulnerable
This is quite worrying
Sendmail urges all users to either upgrade to Sendmail 8.12.8 or apply a patch for 8.12.x (or for older versions).
Quote:
Sendmail versions that are patched will record the following log entry when exploitation is attempted: "Dropped invalid comments from header address".
Back to top
ShaolinTiger Forum Fanatic Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Tue Mar 04, 2003 4:33 pm Post subject:
It doesn't seem to be as bad as it first seemed.
From LSD's technical analysis:
Freebsd 4.4 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 x86 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 sparc - (default & self compiled Sendmail 8.11.6) does not crash
HP-UX 10.20 - (self compiled Sendmail 8.11.6) does not crash
IRIX 6.5.14 - (self compiled Sendmail 8.11.6) does not crash
AIX 4.3 - (binary of Sendmail 8.11.3 from bull.de) does not crash
RedHat 7.0 - (default Sendmail 8.11.0) does not crash
RedHat 7.2 - (default Sendmail 8.11.6) does not crash
RedHat 7.3 (p) - (patched Sendmail 8.11.6) does not crash
RedHat 7.0 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.2 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.3 - (self compiled Sendmail 8.11.6) crashes
Slackware 8.0 (p) - (patched Sendmail 8.11.6 binary) crashes
Slackware 8.0 - (self compiled Sendmail 8.12.7) does not crash
RedHat 7.x - (self compiled Sendmail 8.12.7) does not crash
Back to top
sambeckett Just Arrived Joined: 14 Nov 2002 Posts: 0
Posted: Wed Mar 05, 2003 5:12 pm Post subject:
this is just *some of the news I found
ISS finds root exploit in Sendmail
http://www.geek.com/news/geeknews/2003Mar/gee20030305018955.htm
Dangerous flaw found in popular e-mail software
http://www.denverpost.com/Stories/0,1413,36%257E33%257E1218560%257E,00.html
E-mail transfer program has flaw
http://www.bayarea.com/mld/mercurynews/business/5311389.htm
CERT Center Warns of Sendmail Flaw
http://thewhir.com/marketwatch/cer030403.cfm
Flaw in e-mail software makes traffic vulnerable
http://www.taipeitimes.com/News/biz/archives/2003/03/05/196879
Tech Firms, Government Get Friendly Over Sendmail
http://www.washingtonpost.com/wp-dyn/articles/A41859-2003Mar4.html
Email security flaw triggers global worm watch
http://www.newscientist.com/news/news.jsp?id=ns99993456
Sendmail flaw threatens internet email
http://www.vnunet.com/News/1139199
Mail Server Flaw Could Spawn Slammer II
http://www.pcworld.com/news/article/0,aid,109639,00.asp
Patching Sendmail: The Clock Is Ticking
http://www.newsfactor.com/perl/story/20904.html
Security Experts Warn Of E-Mail Software Flaw
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=7400141
Major Internet vulnerability discovered in e-mail protocol
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,78991,00.html
Security flaw in major e-mail system discovered
http://www.forbes.com/technology/newswire/2003/03/03/rtr895366.html
Back to top
ShaolinTiger Forum Fanatic Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Back to top
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum