Bug 54877 - Sendmail vulnerabilities as reported by Nessus
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 7.1
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Florian La Roche
David Lawrence
: Security
Reported: 2001-10-22 10:43 EDT by Dave J
Modified: 2007-04-18 12:37 EDT
Last Closed: 2002-12-18 16:31:54 EST
Description Dave J 2001-10-22 10:43:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
Running nessus on a RH7.1 box patched up to include sendmail-8.11.6 shows 
significant vulnerabilities

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install RH7.1 with all latest security fixes (up to 8.Oct.2001)
2. Run nessus with standard tests on box.

Actual Results:  Extract of report below

Service: smtp (25/tcp)
Severity: High


The remote STMP server is vulnerable to a buffer
overflow when issued a too long argument to the ETRN
command.

This problem may allow a bad guy to shut this server
down or to execute arbitrary code on this host.

Solution : contact your vendor for a fix. If you are using
Netwin's DMail, then upgrade to version 2.7r

Risk factor : High
CVE : CAN-2000-0490


Service: smtp (25/tcp)
Severity: High

It was possible to perform
a denial of service against the remote
Interscan SMTP server by sending it a special long HELO command. 

This problem allows a cracker to prevent
your Interscan SMTP server from handling requests.

Solution : contact your vendor for a patch.

Risk factor : Serious

Service: smtp (25/tcp)
Severity: High


There seem to be a buffer overflow in the remote SMTP server
when the server is issued a too long argument to the 'MAIL FROM'
command, such as :

	MAIL FROM: nessus@AAAAA....AAAAA

This problem may allow a cracker to prevent this host
to act as a mail host and may even allow him to execute
arbitrary code on this sytem.


Solution : Inform your vendor of this vulnerability
and wait for a patch.

Risk factor : High
CVE : CVE-2000-0452


Additional info:

There have been some bugs already in Bugzilla, but these seem to relate to
versions prior to the sendmail 8.11.6 that was released on 6.Sept.

Is there a new RPM being released to bring RH up to the sendmail-8.12.x
which is currently available?
Comment 1 Alan Cox 2002-12-18 16:31:54 EST
8.11.6 was not vulnerable. This looks like your nessus was buggy. The fact bits
of it also think you are running non-sendmail mailers also implies that
---
It was possible to perform
a denial of service against the remote
Interscan SMTP server by sending it a special long HELO command. 
--

Yet it thinks you are running sendmail.

It should have been closed ages ago but it seems someone having decided it wasn't
a big issue forgot to close.

For general info on sendmail and security see www.sendmail.org

Alan
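
The cross-check described in Comment 1 (findings that name a mailer other than the one the host runs), as an added example that is not part of the original bug report or of Nessus. The product list, the banner, the sample report text and the function names are assumptions constructed for illustration.

```python
import re

# Assumption: a small illustrative list of SMTP product names, not a full inventory.
KNOWN_PRODUCTS = ("sendmail", "interscan", "dmail", "postfix", "exim")
# Constructed input: findings laid out like the report extract in this bug.
SAMPLE_REPORT = """\
Service: smtp (25/tcp)
The remote STMP server is vulnerable to a buffer overflow when issued
a too long argument to the ETRN command.
Solution : contact your vendor for a fix. If you are using
Netwin's DMail, then upgrade to version 2.7r
CVE : CAN-2000-0490
Service: smtp (25/tcp)
It was possible to perform a denial of service against the remote
Interscan SMTP server by sending it a special long HELO command.
Service: smtp (25/tcp)
There seem to be a buffer overflow in the remote SMTP server
when the server is issued a too long argument to the 'MAIL FROM' command
CVE : CVE-2000-0452
"""
# Constructed banner for a host running sendmail 8.11.6, as in the report.
SAMPLE_BANNER = "220 mail.example.com ESMTP Sendmail 8.11.6/8.11.6"


def products_in(text):
    """Return the known product names mentioned in text, as a set."""
    lowered = text.lower()
    return {p for p in KNOWN_PRODUCTS if re.search(rf"\b{p}\b", lowered)}


def triage(report, banner):
    """Label each finding by comparing the products it names with the banner's."""
    # The banner is operator-configurable, so the verdict is only a triage hint.
    running = products_in(banner)
    results = []
    # Each finding starts at a line beginning with "Service:".
    for block in re.split(r"(?m)^(?=Service:)", report):
        if not block.strip():
            continue
        cve = re.search(r"^CVE\s*:\s*(\S+)", block, re.M)
        named = products_in(block)
        if not named:
            verdict = "generic"  # names no product: verify against the version
        elif named & running:
            verdict = "product-match"
        else:
            verdict = "product-mismatch"  # finding was written for another mailer
        results.append((cve.group(1) if cve else None, sorted(named), verdict))
    return results
```

Calling `triage(SAMPLE_REPORT, SAMPLE_BANNER)` marks the ETRN and HELO findings as `product-mismatch` and the MAIL FROM finding as `generic`, which leaves only the last one to check against the installed sendmail version.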

