Sendmail < 8.12.9 NOCHAR Control Value prescan Overflow

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.

Synopsis :

Arbitrary code may be run on the remote server

Description :

The remote sendmail server, according to its version number,
may be vulnerable to a remote buffer overflow allowing remote
users to gain root privileges.

Sendmail versions from 5.79 to 8.12.8 are vulnerable.

NOTE: manual patches do not change the version numbers.
Vendors who have released patched versions of sendmail may still
falsely show vulnerability.

*** Nessus reports this vulnerability using only the banner of the
*** remote SMTP server. Therefore, this might be a false positive.

Solution :

Upgrade to Sendmail ver 8.12.9 or greater or
if you cannot upgrade, apply patches for 8.10-12 here:

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 11499 ()

Bugtraq ID: 7230

CVE ID: CVE-2003-0161

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now