Description of problem:
Sendmail, Inc., and the Sendmail Consortium announce the availability of
sendmail 8.13.7. It fixes a potential denial of service problem caused by
excessive recursion which leads to stack exhaustion when attempting delivery
of a malformed MIME message. Therefore, the function mime8to7() has been
modified to limit the recursion level at (the compile time constant)
MAXMIMENESTING. Note: This denial of service attack only affects delivery of
mail from the queue and delivery of a malformed message. Other incoming mail
is still accepted and delivered. However, mail messages in the queue may not
be reattempted if a malformed MIME message exists.
Version-Release number of selected component (if applicable):
Upgrade to 8.13.7, updated Patch7 is attached.
Bug #195006 and #192850 should be also fixed before building the new version.
Created attachment 130888 [details]
Created attachment 130893 [details]
Updated Patch7: sendmail-8.13.7-pid.patch (as partial fix of bug #176679)
We need to bump this to priority high. This is a security issue, for a
denial of service....and a general rule of thumb is if you can DOS it, you can
eventually hack it.
No, we don't really need. This bug was filed against Fedora Core devel (that
means Rawhide) which shouldn't be used on production machines anyway. For RHEL
this issue is already resolved by RHSA-2006:0515-01. But to make you happy...
Fixed in rawhide in rpm sendmail-8.13.7-1 or newer.