RHEL 2.1 : sendmail (RHSA-2003:284)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Sendmail packages that fix a potentially-exploitable
vulnerability are now available.

Sendmail is a widely used Mail Transport Agent (MTA) and is included
in all Red Hat Enterprise Linux distributions.

There is a bug in the prescan() function of Sendmail versions prior to
and including 8.12.9. The sucessful exploitation of this bug can lead
to heap and stack structure overflows. Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0694 to this issue.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting
this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0694.html
http://rhn.redhat.com/errata/RHSA-2003-284.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12422 ()

Bugtraq ID:

CVE ID: CVE-2003-0694