Vulnerabilities > CVE-2003-0688
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 | |
| Application | 8 | |
| OS | 3 | |
| OS | 2 | |
| OS | 4 | |
| OS | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2003_035.NASL description The remote host is missing the patch for the advisory SUSE-SA:2003:035 (sendmail). The well known and widely used MTA sendmail is vulnerable to a remote denial-of-service attack in version 8.12.8 and earlier (but not before 8.12). The bug exists in the DNS map code. This feature is enabled by specifying FEATURE(`enhdnsbl last seen 2020-06-01 modified 2020-06-02 plugin id 13803 published 2004-07-25 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13803 title SUSE-SA:2003:035: sendmail NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-086.NASL description A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash. These updated packages are patched to fix the problem. last seen 2020-06-01 modified 2020-06-02 plugin id 14068 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14068 title Mandrake Linux Security Advisory : sendmail (MDKSA-2003:086)
Oval
| accepted | 2010-09-20T04:00:31.764-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| description | The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. | ||||||||||||||||
| family | unix | ||||||||||||||||
| id | oval:org.mitre.oval:def:597 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2003-09-05T12:00:00.000-04:00 | ||||||||||||||||
| title | Denial of Service in Sendmail via the enhdnsbl Feature | ||||||||||||||||
| version | 41 |
Redhat
| advisories |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000727
- http://www.kb.cert.org/vuls/id/993452
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:086
- http://www.novell.com/linux/security/advisories/2003_035_sendmail.html
- http://www.redhat.com/support/errata/RHSA-2003-265.html
- http://www.sendmail.org/dnsmap1.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A597