RHEL 2.1 : sendmail (RHSA-2003:121)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Sendmail packages are available to fix a vulnerability that
allows local and possibly remote attackers to gain root privileges.

Sendmail is a widely used Mail Transport Agent (MTA) which is included
in all Red Hat Enterprise Linux distributions.

There is a vulnerability in Sendmail versions 8.12.8 and prior. The
address parser performs insufficient bounds checking in certain
conditions due to a char to int conversion, making it possible for an
attacker to take control of the application. Although no exploit
currently exists, this issue is probably locally exploitable and may
be remotely exploitable.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting
this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0161.html
http://rhn.redhat.com/errata/RHSA-2003-121.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12385 ()

Bugtraq ID:

CVE ID: CVE-2003-0161