English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.11316
Category:SMTP problems
Title:Sendmail remote header buffer overflow
Summary:Checks the version number
Description:
The remote sendmail server, according to its version number,
may be vulnerable to a remote buffer overflow allowing remote
users to gain root privileges.

Sendmail versions from 5.79 to 8.12.7 are vulnerable.
Solution : Upgrade to Sendmail ver 8.12.8 or greater or
if you cannot upgrade, apply patches for 8.10-12 here:

http://www.sendmail.org/patchcr.html

NOTE: manual patches do not change the version numbers.
Vendors who have released patched versions of sendmail
may still falsely show vulnerability.

*** OpenVAS reports this vulnerability using only
*** the banner of the remote SMTP server. Therefore,
*** this might be a false positive.

see http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
http://www.cert.org/advisories/CA-2003-07.html
http://www.kb.cert.org/vuls/id/398025
Cross-Ref: BugTraq ID: 2794
BugTraq ID: 6991
Common Vulnerability Exposure (CVE) ID: CVE-2001-1349
BindView Security Advisory: 20010528 Unsafe Signal Handling in Sendmail
http://razor.bindview.com/publish/advisories/adv_sm8120.html
Bugtraq: 20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd) (Google Search)
http://www.securityfocus.com/archive/1/187127
RedHat Security Advisories: RHSA-2001:106
http://rhn.redhat.com/errata/RHSA-2001-106.html
http://www.securityfocus.com/bid/2794
http://www.iss.net/security_center/static/6633.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-1337
ISS Security Advisory: 20030303 Remote Sendmail Header Processing Vulnerability
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Bugtraq: 20030303 sendmail 8.12.8 available (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Bugtraq: 20030304 [LSD] Technical analysis of the remote sendmail vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
http://www.cert.org/advisories/CA-2003-07.html
FreeBSD Security Advisory: FreeBSD-SA-03:04
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://www.redhat.com/support/errata/RHSA-2003-074.html
http://www.redhat.com/support/errata/RHSA-2003-227.html
SGI Security Advisory: 20030301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
AIX APAR: IY40500
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
AIX APAR: IY40501
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
AIX APAR: IY40502
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
SuSE Security Announcement: SuSE-SA:2003:013 (Google Search)
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
NETBSD Security Advisory: NetBSD-SA2003-002
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
Conectiva Linux advisory: CLA-2003:571
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Debian Security Information: DSA-257 (Google Search)
http://www.debian.org/security/2003/dsa-257
HPdes Security Advisory: HPSBUX0302-246
http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Caldera Security Advisory: CSSA-2003-SCO.6
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Caldera Security Advisory: CSSA-2003-SCO.5
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Bugtraq: 20030304 GLSA: sendmail (200303-4) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Bugtraq: 20030303 Fwd: APPLE-SA-2003-03-03 sendmail (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
CERT/CC vulnerability note: VU#398025
http://www.kb.cert.org/vuls/id/398025
http://www.securityfocus.com/bid/6991
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2222
http://www.iss.net/security_center/static/10748.php
CopyrightThis script is Copyright (C) 2003 SECNAP Network Security

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.