New vulnerability found in Sendmail

By Steve Malone

Posted on 31 Mar 2003 at 10:22

CERT, the US government backed research and development centre, has announced details of another vulnerability in the popular Sendmail system. This follows less than a month from a similar problem.

Cert says that there is a flaw in Sendmail that might allow an attacker to gain control of a vulnerable Sendmail server. Address parsing code in Sendmail does not adequately check the length of email addresses. An email message with a specially crafted address could trigger a stack overflow.

As a result Sendmail can be used to mount a denial-of-service attack. There is also a possibility that a hacker can gain control of the computer with privileges of the Sendmail daemon, typically root.

The vulnerability affects a wide range of versions of Sendmail including all versions of Sendmail Pro, and early versions of Sendmail for NT and Sendmail Switch and all systems running open source Sendmail prior to version 8.12.9.

Cert says that this vulnerability is important, because of the popularity of Sendmail as a Mail Transfer Agent (MTA), the chances are that most companies will have a vulnerable Sendmail server. As the vulnerability is delivered by email, non-vulnerable MTAs and firewalls are likely to pass the malicious email along until it hits a vulnerable server. Also workstations running Linux and Unix often have Sendmail running as a default.

More details of affected systems and patches can be found at Sendmail.org.