GEN:SID 1:655
Message SMTP sendmail 8.6.9 exploit
Summary This event is generated when a buffer overflow is attempted on a Sendmail 8.6.9 server.
Impact Attempted administrator access.  A successful buffer overflow attack can allow a remote attacker access to the Sendmail server at the privilege level of the user ID associated with Sendmail.
Detailed Information A vulnerability exists in Sendmail version 8.6.9 that can be exploited by a buffer overflow attack.  This allows the attacker access to the Sendmail server at the privilege level of the user ID associated with Sendmail.  This attack can occur when a Sendmail server connects back to the ident service of the client requesting the Sendmail connection.  Because it is improperly validated by the Sendmail server, a malicious response can cause a buffer overflow.
Affected Systems Sendmail version 8.6.9.
Attack Scenarios An attacker can request a connection to a Sendmail server, listen for the request for the ident service, and respond with a malicious payload to exploit the vulnerability.
Ease of Attack Easy.  Exploit code is available.
Corrective Action Apply the appropriate patch or upgrade to a Sendmail version greater than 8.6.9.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204

Rule References arachnids: 140
bugtraq: 2311
cve: 1999-0204