Updated Sendmail packages are available to fix a vulnerability in the handling of DNS maps.
Sendmail is a widely used Mail Transport Agent (MTA) which is included in all Red Hat Linux distributions. A bug has been discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker can exploit this issue to crash the instance of Sendmail dealing with the request. We believe that the nature of the bug would make remote exploitation of this issue difficult, if at all possible. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0688 to this issue. Red Hat Linux 8.0 and 9 include versions of Sendmail vulnerable to this issue, however it only affects sites that use DNS maps through the "enhdnsbl" feature. Sendmail users that have enabled DNS maps are advised to update to the packages contained within this erratum which include a backported patch to correct this vulnerability. Red Hat would like to thank the Sendmail security team for notifying us of this issue.