RHEL 2.1 : sendmail (RHSA-2003:284)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated Sendmail packages that fix a potentially-exploitable
vulnerability are now available.

Sendmail is a widely used Mail Transport Agent (MTA) and is included
in all Red Hat Enterprise Linux distributions.

There is a bug in the prescan() function of Sendmail versions prior to
and including 8.12.9. The sucessful exploitation of this bug can lead
to heap and stack structure overflows. Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0694 to this issue.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.

Red Hat would like to thank Michal Zalewski for finding and reporting
this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2003-0694.html
http://rhn.redhat.com/errata/RHSA-2003-284.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12422 ()

Bugtraq ID:

CVE ID: CVE-2003-0694

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial