[Dshield] critical sendmail problem.

Danny danny at eboundary.com
Mon Mar 3 18:40:10 GMT 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Any one have any technical info on this? 

Does it *only* effect systems with sendmail listening and accepting mail
from the world, or are you vulnerable if you allow users to send mail
from local accounts? 

Cheers
Danny
Network Security Engineer


|->-----Original Message-----
|->From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
|->Behalf Of Johannes Ullrich
|->Sent: Monday, March 03, 2003 12:21 PM
|->To: list at dshield.org
|->Subject: [Dshield] critical sendmail problem.
|->
|->
|->
|->> Internet Security Systems Security Advisory
|->> March 3, 2002
|->>
|->> Remote Sendmail Header Processing Vulnerability
|->>
|->> Synopsis:
|->>
|->> ISS X-Force has discovered a buffer overflow vulnerability in the
|->> Sendmail
|->> Mail Transfer Agent (MTA). Sendmail is the most common MTA and has
|->> been
|->> documented to handle between 50% and 75% of all Internet email
|->> traffic.
|->>
|->> Impact:
|->>
|->> Attackers may remotely exploit this vulnerability to gain "root" or
|->> superuser
|->> control of any vulnerable Sendmail server. Sendmail and all other
|->> email
|->> servers are typically exposed to the Internet in order to send and
|->> receive
|->> Internet email. Vulnerable Sendmail servers will not be protected
by
|->> legacy
|->> security devices such as firewalls and/or packet filters. This
|->> vulnerability
|->> is especially dangerous because the exploit can be delivered within
an
|->> email
|->> message and the attacker doesn't need any specific knowledge of the
|->> target to
|->> launch a successful attack.
|->>
|->> Affected Versions:
|->>
|->> Sendmail versions from 5.79 to 8.12.7 are vulnerable
|->>
|->> Note: The affected versions of Sendmail commercial, Sendmail open
|->> source
|->> running on all platforms are known to be vulnerable.
|->>
|->> For the complete ISS X-Force Security Advisory, please visit:
|->>
<http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950>
|->> ______
|->>
|->> About Internet Security Systems (ISS)
|->> Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is
a
|->> pioneer and world leader in software and services that protect
|->> critical
|->> online resources from an ever-changing spectrum of threats and
misuse.
|->> Internet Security Systems is headquartered in Atlanta, GA, with
|->> additional operations throughout the Americas, Asia, Australia,
Europe
|->> and the Middle East.
|->>
|->> Copyright (c) 2003 Internet Security Systems, Inc. All rights
reserved
|->> worldwide.
|->>
|->> Permission is hereby granted for the electronic redistribution of
this
|->> document. It is not to be edited or altered in any way without the
|->> express written consent of the Internet Security Systems X-Force.
If
|->> you wish to reprint the whole or any part of this document in any
|->> other
|->> medium excluding electronic media, please email xforce at iss.net for
|->> permission.
|->>
|->> Disclaimer: The information within this paper may change without
|->> notice.
|->> Use of this information constitutes acceptance for use in an AS IS
|->> condition. There are NO warranties, implied or otherwise, with
regard
|->> to
|->> this information or its use. Any use of this information is at the
|->> user's risk. In no event shall the author/distributor (Internet
|->> Security
|->> Systems X-Force) be held liable for any damages whatsoever arising
out
|->> of or in connection with the use or spread of this information.
|->> X-Force PGP Key available on MIT's PGP key server and PGP.com's key
|->> server,
|->> as well as at <http://www.iss.net/security_center/sensitive.php>
|->> Please send suggestions, updates, and comments to: X-Force
|->> xforce at iss.net of Internet Security Systems, Inc.
|->>
|->
|->
|->_______________________________________________
|->list mailing list
|->list at dshield.org
|->To change your subscription options (or unsubscribe), see:
|->http://www.dshield.org/mailman/listinfo/list

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPmOhiX8l+vsju1DoEQJ1PACgpyNy8PSDF/IQLJbhtJqGJN4O00AAoOif
hyEijtuZZ9Rv+KvYlwOMF3Zv
=TgUY
-----END PGP SIGNATURE-----



More information about the list mailing list