Overview
Sendmail contains a buffer overflow vulnerability in the code that parses rulesets. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. This vulnerability does not affect the default configuration.
Description
Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in the code that parses rulesets. A system is vulnerable if it is configured to use the non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients. This is a different vulnerability than the one described in CA-2003-25/VU#784980.
Impact
Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Solution
This issue is resolved in Sendmail 8.12.10.Beta2.
Acknowledgements
Thanks to Timo Sirainen for reporting this vulnerability.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 6.33 |
| Date Public: | 2003-07-01 |
| Date First Published: | 2003-09-18 |
| Date Last Updated: | 2003-09-18 20:34 UTC |
| Document Revision: | 7 |