Mandrake Linux Security Advisory : sendmail (MDKSA-2003:092)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A buffer overflow vulnerability was discovered in the address parsing
code in all versions of sendmail prior to 8.12.10 by Michal Zalewski,
with a patch to fix the problem provided by Todd C. Miller. This
vulnerability seems to be remotely exploitable on Linux systems
running on the x86 platform; the sendmail team is unsure of other
platforms (CVE-2003-0694).

Another potential buffer overflow was fixed in ruleset parsing which
is not exploitable in the default sendmail configuration. A problem
may occur if non-standard rulesets recipient (2), final (4), or
mailer- specific envelope recipients rulesets are use. This problem
was discovered by Timo Sirainen (CVE-2003-0681).

MandrakeSoft encourages all users who use sendmail to upgrade to the
provided packages which are patched to fix both problems.

See also :

http://www.nessus.org/u?abda8564
http://www.sendmail.org/8.12.10.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14074 (mandrake_MDKSA-2003-092.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0681
CVE-2003-0694

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now