
Security Forums


Remote Sendmail Header Processing Vulnerability

sambeckett
Posted: Mon Mar 03, 2003 8:10 pm    Post subject: Remote Sendmail Header Processing Vulnerability

Synopsis:
ISS X-Force has discovered a buffer overflow vulnerability in the Sendmail Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been documented to handle between 50% and 75% of all Internet email traffic.

Impact:
Attackers may remotely exploit this vulnerability to gain "root" or superuser control of any vulnerable Sendmail server. Sendmail and all other email servers are typically exposed to the Internet in order to send and receive Internet email. Vulnerable Sendmail servers will not be protected by legacy security devices such as firewalls and/or packet filters. This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn't need any specific knowledge of the target to launch a successful attack.

http://www.issadvisor.com/viewtopic.php?t=162
Jason
Posted: Mon Mar 03, 2003 9:39 pm

Is there a publicly available exploit?
chris
Posted: Mon Mar 03, 2003 9:49 pm

Sendmail versions from 5.79 to 8.12.7 are vulnerable.

This is quite worrying.

Sendmail urges all users to either upgrade to Sendmail 8.12.8 or apply a patch for 8.12.x (or for older versions).

Quote:
Sendmail versions that are patched will record the following log entry when exploitation is attempted: "Dropped invalid comments from header address".
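A defender-side check for the log entry quoted in the post above, as an added example that is not part of the original thread or of Sendmail's own tooling: it scans a mail log for the marker string and pairs each hit with the relay recorded for the same queue ID. The syslog line layout, the sample lines, host names, addresses and queue IDs are assumptions constructed for illustration.

```python
import re

# Marker string quoted in the thread; patched Sendmail logs it when the
# malformed header address is encountered.
MARKER = "Dropped invalid comments from header address"

# Assumed syslog layout: "<timestamp> <host> sendmail[<pid>]: <queue-id>: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"sendmail\[\d+\]:\s(?P<qid>\w+):\s(?P<text>.*)$"
)
RELAY_RE = re.compile(r"\brelay=(?P<relay>[^,]+)")

# Constructed sample log (hosts, queue IDs and addresses are made up).
SAMPLE_LOG = """\
Mar  4 09:12:01 mx1 sendmail[2101]: h249C1x02101: from=<a@example.org>, size=812, relay=mail.example.org [192.0.2.10]
Mar  4 09:12:01 mx1 sendmail[2101]: h249C1x02101: to=<bob@example.com>, stat=Sent
Mar  4 09:14:37 mx1 sendmail[2140]: h249Eax02140: Dropped invalid comments from header address
Mar  4 09:14:37 mx1 sendmail[2140]: h249Eax02140: from=<x@example.net>, size=4096, relay=[198.51.100.7]
Mar  4 09:20:05 mx1 sendmail[2188]: h249K5x02188: Dropped invalid comments from header address
"""

def find_attempts(log_text):
    """Return one record per queue ID that logged the marker, with its relay if seen."""
    relays, hits = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a sendmail line in the assumed layout
        qid, text = m["qid"], m["text"]
        relay = RELAY_RE.search(text)
        if text.startswith("from=") and relay:
            relays[qid] = relay["relay"].strip()
        if MARKER in text:
            rec = hits.setdefault(
                qid, {"qid": qid, "host": m["host"], "first_seen": m["ts"], "count": 0}
            )
            rec["count"] += 1
    # The from= line may be logged after the marker, so resolve relays last.
    for qid, rec in hits.items():
        rec["relay"] = relays.get(qid, "unknown")
    return list(hits.values())

if __name__ == "__main__":
    for rec in find_attempts(SAMPLE_LOG):
        print(rec)
```

A hit with relay "unknown" means no from= line was logged for that queue ID in the scanned text, for example because the log was rotated between the two entries.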
ShaolinTiger
Posted: Tue Mar 04, 2003 4:33 pm

It doesn't seem to be as bad as it first seemed.

From LSD's technical analysis:

FreeBSD 4.4 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 x86 - (default & self compiled Sendmail 8.11.6) does not crash
Solaris 8.0 sparc - (default & self compiled Sendmail 8.11.6) does not crash
HP-UX 10.20 - (self compiled Sendmail 8.11.6) does not crash
IRIX 6.5.14 - (self compiled Sendmail 8.11.6) does not crash
AIX 4.3 - (binary of Sendmail 8.11.3 from bull.de) does not crash
RedHat 7.0 - (default Sendmail 8.11.0) does not crash
RedHat 7.2 - (default Sendmail 8.11.6) does not crash
RedHat 7.3 (p) - (patched Sendmail 8.11.6) does not crash
RedHat 7.0 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.2 - (self compiled Sendmail 8.11.6) crashes
RedHat 7.3 - (self compiled Sendmail 8.11.6) crashes
Slackware 8.0 (p) - (patched Sendmail 8.11.6 binary) crashes
Slackware 8.0 - (self compiled Sendmail 8.12.7) does not crash
RedHat 7.x - (self compiled Sendmail 8.12.7) does not crash
sambeckett
Posted: Wed Mar 05, 2003 5:12 pm

This is just *some* of the news I found:

ISS finds root exploit in Sendmail
http://www.geek.com/news/geeknews/2003Mar/gee20030305018955.htm

Dangerous flaw found in popular e-mail software
http://www.denverpost.com/Stories/0,1413,36%257E33%257E1218560%257E,00.html

E-mail transfer program has flaw
http://www.bayarea.com/mld/mercurynews/business/5311389.htm

CERT Center Warns of Sendmail Flaw
http://thewhir.com/marketwatch/cer030403.cfm

Flaw in e-mail software makes traffic vulnerable
http://www.taipeitimes.com/News/biz/archives/2003/03/05/196879

Tech Firms, Government Get Friendly Over Sendmail
http://www.washingtonpost.com/wp-dyn/articles/A41859-2003Mar4.html

Email security flaw triggers global worm watch
http://www.newscientist.com/news/news.jsp?id=ns99993456

Sendmail flaw threatens internet email
http://www.vnunet.com/News/1139199

Mail Server Flaw Could Spawn Slammer II
http://www.pcworld.com/news/article/0,aid,109639,00.asp

Patching Sendmail: The Clock Is Ticking
http://www.newsfactor.com/perl/story/20904.html

Security Experts Warn Of E-Mail Software Flaw
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=7400141

Major Internet vulnerability discovered in e-mail protocol
http://www.computerworld.com/securitytopics/security/holes/story/0,10801,78991,00.html

Security flaw in major e-mail system discovered
http://www.forbes.com/technology/newswire/2003/03/03/rtr895366.html
ShaolinTiger
Posted: Wed Mar 05, 2003 5:15 pm

The technical analysis is here:

http://www.securityfocus.com/archive/1/313757/2003-03-01/2003-03-07/0

With exploit for RH/Slack.
All times are GMT + 2 Hours