Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:092: sendmail Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the sendmail package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:092 (sendmail).
A buffer overflow vulnerability was discovered in the address parsing code in
all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to
fix the problem provided by Todd C. Miller. This vulnerability seems to be
remotely exploitable on Linux systems running on the x86 platform
team is unsure of other platforms (CVE-2003-0694).
Another potential buffer overflow was fixed in ruleset parsing which is not
exploitable in the default sendmail configuration. A problem may occur if
non-standard rulesets recipient (2), final (4), or mailer- specific envelope
recipients rulesets are use. This problem was discovered by Timo Sirainen
MandrakeSoft encourages all users who use sendmail to upgrade to the provided
packages which are patched to fix both problems.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:092
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.