GEN:SID | 1:2087 |
Message | SMTP From comment overflow attempt |
Summary | vulnerability in Sendmail.
|
Impact | The remote attacker can gain access to a machine with the credentials of the user running the Sendmail daemon, usually 'root'.
|
Detailed Information | A vulnerability exists in the Sendmail MTA Daemon that could allow an attacker the opportunity to gain root access.
A programming error exists such that a buffer overflow can be caused using the header fields in an SMTP session. Using the '<' and '>' characters in the 'from' field, an attacker can increment a counter to the extent that the buffer exceeds its limit.
|
Affected Systems | All systems using Sendmail prior to version 8.12.8 |
Attack Scenarios | The attacker can craft an email message that contains a "from" header with enough sequences of "<>" to cause a counter to exceed its maximum size, thus causing the buffer overflow.
|
Ease of Attack | Simple
|
Corrective Action | All users of Sendmail should upgrade to the latest non-affected version as soon as possible.
|
Additional References | CERT: http://www.cert.org/advisories/CA-2003-07.html
http://www.kb.cert.org/vuls/id/398025
CVE Entry CAN-2002-1337
Sendmail: http://www.sendmail.org/8.12.8.html
|
Rule References | bugtraq: 6991
cve: 2002-1337
url: www.kb.cert.org/vuls/id/398025
|