GEN:SID 1:2087
Message SMTP From comment overflow attempt
Summary vulnerability in Sendmail.
Impact The remote attacker can gain access to a machine with the credentials of
the user running the Sendmail daemon, usually 'root'.
Detailed Information A vulnerability exists in the Sendmail MTA Daemon that could allow an
attacker the opportunity to gain root access.

A programming error exists such that a buffer overflow can be caused
using the header fields in an SMTP session. Using the '<' and '>'
characters in the 'from' field, an attacker can increment a counter to
the extent that the buffer exceeds it's limit.
Affected Systems All systems using Sendmail prior to version 8.12.8
    
Attack Scenarios The attacker can craft an email message that contains a "from" header
with enough sequences of "<>" to cause a counter to exceed it's maximum
size thus causing the buffer overflow.
Ease of Attack Simple
Corrective Action All users of Sendmail should upgrade to the latest non-affected version
as soon as possible.
Additional References CERT:
http://www.cert.org/advisories/CA-2003-07.html
http://www.kb.cert.org/vuls/id/398025

CVE Entry
CAN-2002-1337

Sendmail:
http://www.sendmail.org/8.12.8.html
Rule References bugtraq: 6991
cve: 2002-1337
url: www.kb.cert.org/vuls/id/398025