Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow

This script is Copyright (C) 2003-2012 SECNAP Network Security


Synopsis :

The remote host has an application that is affected by a buffer
overflow vulnerability.

Description :

The remote sendmail server, according to its version number, may be
affected by a remote buffer overflow allowing remote users to gain
root privileges.

Sendmail versions from 5.79 to 8.12.7 are affected.

*** Nessus reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.

Solution :

Upgrade to Sendmail ver 8.12.8 or later. If you cannot upgrade, apply
patches for 8.10-12 here :

http://www.sendmail.org/patchcr.html

NOTE: manual patches do not change the version numbers.
Vendors who have released patched versions of sendmail
may still falsely show vulnerability.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 11316 ()

Bugtraq ID: 6991

CVE ID: CVE-2002-1337