Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Sendmail DNS Map TXT Record Buffer Overflow Vulnerability

Sendmail DNS Map TXT Record Buffer Overflow Vulnerability

by Nikola Strahija on July 1st, 2002 Sendmail is a freely available, open source mail transport agent. It is available for most Unix and Linux operating systems. A buffer overflow in the DNS handling code of Sendmail has been discovered. Sendmail attempting to map an address using a TXT query type does not properly check bounds on data returned from the nameserver. Because of this, a malicious nameserver could send a string of arbitrary length to the mail server, resulting in a buffer overflow, and potential code execution.


The Sendmail Consortium has stated that the possibility of exploitation is relatively low, as there are no known configurations that use this DNS map option.

Remote: Yes

Exploit: No

Solution: Fixes are available.


Sendmail Consortium Sendmail 8.11:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.1:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.2:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.3:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.4:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.5:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.6:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.1:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.2:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.3:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.4:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »