Sendmail < 8.12.9 NOCHAR Control Value prescan Overflow

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code may be run on the remote server

Description :

The remote sendmail server, according to its version number,
may be vulnerable to a remote buffer overflow allowing remote
users to gain root privileges.

Sendmail versions from 5.79 to 8.12.8 are vulnerable.

NOTE: manual patches do not change the version numbers.
Vendors who have released patched versions of sendmail may still
falsely show vulnerability.

*** Nessus reports this vulnerability using only the banner of the
*** remote SMTP server. Therefore, this might be a false positive.

Solution :

Upgrade to Sendmail ver 8.12.9 or greater or
if you cannot upgrade, apply patches for 8.10-12 here:

http://web.archive.org/web/20031202022838/http://www.sendmail.org/patchps.html

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 11499 ()

Bugtraq ID: 7230

CVE ID: CVE-2003-0161