GEN:SID 1:2265
Message SMTP SOML FROM sendmail prescan too many addresses overflow
Summary This event is generated when an attempt is made to exploit a known
vulnerability in versions of Sendmail.
Impact Remote arbitrary code execution.
Detailed Information A vulnerability exists in the prescan() function used in Sendmail prior
to version 8.12.9. This function contains an error when converting a
character to an integer value while processing SMTP headers.
Affected Systems All systems using Sendmail.
Attack Scenarios An attacker could exploit this condition to process code of their
choosing and open a listening shell bound to a high port, thus opening the
system to further compromise.
Ease of Attack Simple. Exploit code exists.
Corrective Action Upgrade Sendmail to the latest non-affected verison.
Additional References CERT:
http://www.cert.org/advisories/CA-2003-07.html
Rule References bugtraq: 6991
cve: 2002-1337