Michal Zalweski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion.
This vulnerability makes it poissible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.

Update :

The packages for Mandrake Linux 9.1 and 9.1/PPC were not GPG-signed.
This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.

s700_800 11.22 sendmail(1m) 8.11.1 patch : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - Sendmail Restricted Shell (smrsh) may let local users     bypass restrictions to execute code.

  - A potential security vulnerability has been identified     with HP-UX sendmail, where the vulnerability may be     exploited remotely to gain unauthorized access or create     a denial of service (DoS). References: CERT CA-2003-12.
    (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified     with HP-UX running sendmail, where the vulnerability may     be exploited remotely to gain unauthorized access and     create a Denial of Service (DoS). References: CERT     CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified     with HP-UX sendmail, where the vulnerability may be     exploited remotely to gain unauthorized access or create     a denial of service (DoS). References: CERT CA-2003-12.
    (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified     with HP-UX running sendmail, where the vulnerability may     be exploited remotely to gain unauthorized access and     create a Denial of Service (DoS). References: CERT     CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

s700_800 11.00 sendmail(1M) 8.9.3 patch : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified     with HP-UX running sendmail, where the vulnerability may     be exploited remotely to gain unauthorized access and     create a Denial of Service (DoS). References: CERT     CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

  - A vulnerability has been identified in sendmail which     may allow a remote attacker to execute arbitrary code.
    References: CVE-2006-0058, US-CERT VU#834865.
    (HPSBUX02108 SSRT061133)

  - A potential security vulnerability has been identified     with HP-UX running sendmail, where the vulnerability     could be exploited remotely to gain unauthorized     privileged access. References: CERT/CC CA-2003-25,     CAN-2003-0681. (HPSBUX00281 SSRT3631)

  - A potential security vulnerability has been identified     with HP-UX sendmail, where the vulnerability may be     exploited remotely to gain unauthorized access or create     a denial of service (DoS). References: CERT CA-2003-12.
    (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified     with HP-UX running sendmail. This vulnerability could     allow a remote user to cause a Denial of Service (DoS).
    (HPSBUX02183 SSRT061243)

s700_800 11.11 sendmail(1M) 8.9.3 patch : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified     with HP-UX running sendmail, where the vulnerability     could be exploited remotely to gain unauthorized     privileged access. References: CERT/CC CA-2003-25,     CAN-2003-0681. (HPSBUX00281 SSRT3631)

  - A vulnerability has been identified in sendmail which     may allow a remote attacker to execute arbitrary code.
    References: CVE-2006-0058, US-CERT VU#834865.
    (HPSBUX02108 SSRT061133)

  - A potential security vulnerability has been identified     with HP-UX sendmail, where the vulnerability may be     exploited remotely to gain unauthorized access or create     a denial of service (DoS). References: CERT CA-2003-12.
    (HPSBUX00253 SSRT3531)

  - A potential security vulnerability has been identified     with HP-UX running sendmail. This vulnerability could     allow a remote user to cause a Denial of Service (DoS).
    (HPSBUX02183 SSRT061243)

  - A potential security vulnerability has been identified     with HP-UX running sendmail, where the vulnerability may     be exploited remotely to gain unauthorized access and     create a Denial of Service (DoS). References: CERT     CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)

The remote Sendmail server, according to its version number, may be vulnerable to a remote buffer overflow allowing remote users to gain root privileges.

Sendmail versions from 5.79 to 8.12.8 are vulnerable.

NOTE: manual patches do not change the version numbers.
Vendors who have released patched versions of Sendmail may still falsely show a vulnerability.

*** Nessus reports this vulnerability using only the banner of the
*** remote SMTP server. Therefore, this might be a false positive.

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.

Updated Sendmail packages are available to fix a vulnerability that allows local and possibly remote attackers to gain root privileges.

Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Enterprise Linux distributions.

There is a vulnerability in Sendmail versions 8.12.8 and prior. The address parser performs insufficient bounds checking in certain conditions due to a char to int conversion, making it possible for an attacker to take control of the application. Although no exploit currently exists, this issue is probably locally exploitable and may be remotely exploitable.

All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting this issue.

The remote Sendmail server may be vulnerable to a remote buffer overflow that can be exploited by an attacker to gain a root shell on this host.

ID	Name	Product	Family	Published	Updated	Severity
14026	Mandrake Linux Security Advisory : sendmail (MDKSA-2003:042-1)	Nessus	Mandriva Local Security Checks	7/31/2004	1/6/2021	critical
16634	HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch	Nessus	HP-UX Local Security Checks	2/16/2005	1/11/2021	critical
16898	HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch	Nessus	HP-UX Local Security Checks	2/16/2005	1/11/2021	critical
26133	HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch	Nessus	HP-UX Local Security Checks	9/25/2007	1/11/2021	critical
26134	HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch	Nessus	HP-UX Local Security Checks	9/25/2007	1/11/2021	critical
11499	Sendmail < 8.12.9 NOCHAR Control Value prescan Overflow	Nessus	SMTP problems	3/29/2003	9/17/2018	critical
15115	Debian DSA-278-1 : sendmail - char-to-int conversion	Nessus	Debian Local Security Checks	9/29/2004	1/4/2021	critical
15127	Debian DSA-290-1 : sendmail-wide - char-to-int conversion	Nessus	Debian Local Security Checks	9/29/2004	1/4/2021	critical
12385	RHEL 2.1 : sendmail (RHSA-2003:121)	Nessus	Red Hat Local Security Checks	7/6/2004	1/14/2021	critical
2031	Sendmail < 8.12.9 NOCHAR Value Overflow	Nessus Network Monitor	SMTP Servers	8/18/2004	3/6/2019	high

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

high