Rapid7 Vulnerability & Exploit Database

RHSA-2003:265: Updated Sendmail packages fix vulnerability.

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 10/20/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated Sendmail packages are available to fix a vulnerability in the handling of DNS maps.

Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Linux distributions. A bug has been discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker can exploit this issue to crash the instance of Sendmail dealing with the request. We believe that the nature of the bug would make remote exploitation of this issue difficult, if at all possible.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0688 to this issue.

Red Hat Linux 8.0 and 9 include versions of Sendmail vulnerable to this issue; however, it only affects sites that use DNS maps through the "enhdnsbl" feature. Sendmail users who have enabled DNS maps are advised to update to the packages contained within this erratum, which include a backported patch to correct this vulnerability.

Red Hat would like to thank the Sendmail security team for notifying us of this issue.

Solution(s)

  • redhat-upgrade-sendmail
  • redhat-upgrade-sendmail-cf
  • redhat-upgrade-sendmail-devel
  • redhat-upgrade-sendmail-doc
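
Because the advisory limits exposure to sites that use DNS maps through the "enhdnsbl" feature, a host can be triaged by checking its m4 configuration for an active `FEATURE(enhdnsbl ...)` line. The script below is an added example, not part of the Red Hat or Rapid7 material; the function names and the sample configuration are constructed, and pointing it at `/etc/mail/sendmail.mc` assumes the usual Red Hat location of that file.

```shell
#!/bin/sh
# Added example: report whether a sendmail.mc enables the "enhdnsbl" feature.
# Because the erratum ships a backported patch, the package version string
# alone does not show whether a host is fixed; this checks exposure only.

# Constructed sample sendmail.mc fragment (not taken from a real host).
sample_mc() {
cat <<'EOF'
divert(-1)dnl
dnl FEATURE(`enhdnsbl', `bl.example.test')dnl
FEATURE(`dnsbl', `bl.example.test')dnl
FEATURE(`enhdnsbl', `bl.example.test', `"550 rejected"', `t')dnl
# FEATURE(`enhdnsbl', `other.example.test')
EOF
}

# Print "lineno: text" for every active enhdnsbl FEATURE line in file $1.
# Anything after an m4 "dnl" token or a "#" comment is ignored, so
# commented-out features are not reported.
enhdnsbl_lines() {
  awk '
    {
      line = " " $0 " "                 # pad so "dnl" at either edge matches
      if (match(line, /[^A-Za-z0-9_]dnl[^A-Za-z0-9_]/))
        line = substr(line, 1, RSTART)  # drop "dnl" and the rest of the line
      sub(/#.*/, "", line)              # drop m4 "#" comments
      if (line ~ /FEATURE\([ \t]*`?enhdnsbl/)
        print NR ": " $0
    }' "$1"
}

# Exit status 0 if the file enables enhdnsbl, 1 otherwise.
uses_enhdnsbl() {
  [ -n "$(enhdnsbl_lines "$1")" ]
}

# Demonstration on the constructed sample; on a real host pass the path of
# the site configuration instead (assumed: /etc/mail/sendmail.mc).
mc=$(mktemp) && sample_mc > "$mc"
if uses_enhdnsbl "$mc"; then
  echo "enhdnsbl enabled; this host needs the updated sendmail packages:"
  enhdnsbl_lines "$mc"
else
  echo "enhdnsbl not enabled in $mc"
fi
rm -f "$mc"
```

Only line 4 of the sample is reported: the plain `dnsbl` feature and the two commented-out `enhdnsbl` lines do not count as enabling the affected code path.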
