WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec

Sendmail Address Prescan Memory Corruption Vulnerability

Risk
High

Date Discovered
03-29-2003

Description
It has been reported that Sendmail is affected by a memory corruption condition that is likely remotely exploitable. The flaw is present in the prescan() procedure, one that is used for processing e-mail addresses in SMTP headers. It is at least theoretically possible that this condition may be exploited by remote attackers to execute instructions on target systems. This vulnerability is due to a logic error in the conversion of a char to an integer value. It is eliminated in Sendmail version 8.12.9.

Symantec Enterprise Security Manager Network Assessment Module
Symantec Enterprise Security Manager Network Assessment Module detects and reports this vulnerability. Click here for the advisory released August 9, 2005.

Platforms Affected
Apple MacOS X 10.2 (Jaguar)
Apple MacOS X 10.2.1
Apple MacOS X 10.2.2
Apple MacOS X 10.2.3
Apple MacOS X 10.2.4
Apple MacOS X Server 10.2
Apple MacOS X Server 10.2.1
Apple MacOS X Server 10.2.2
Apple MacOS X Server 10.2.3
Caldera OpenLinux Server 3.1
Caldera OpenLinux Workstation 3.1
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.1
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 a
Compaq Tru64 5.1 b
Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Debian Linux 2.2
Debian Linux 2.2 68k
Debian Linux 2.2 alpha
Debian Linux 2.2 arm
Debian Linux 2.2 IA-32
Debian Linux 2.2 powerpc
Debian Linux 2.2 sparc
Debian Linux 3.0
Debian Linux 3.0 alpha
Debian Linux 3.0 arm
Debian Linux 3.0 hppa
Debian Linux 3.0 ia-32
Debian Linux 3.0 ia-64
Debian Linux 3.0 m68k
Debian Linux 3.0 mips
Debian Linux 3.0 mipsel
Debian Linux 3.0 ppc
Debian Linux 3.0 s/390
Debian Linux 3.0 sparc
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 5.0
IBM AIX 4.3.3
IBM AIX 5.1
IBM AIX 5.2
MandrakeSoft Corporate Server 1.0.1
MandrakeSoft Corporate Server 2.1
MandrakeSoft Linux Mandrake 7.2
MandrakeSoft Linux Mandrake 8.0
MandrakeSoft Linux Mandrake 8.0 ppc
MandrakeSoft Linux Mandrake 8.1
MandrakeSoft Linux Mandrake 8.1 ia64
MandrakeSoft Linux Mandrake 8.2
MandrakeSoft Linux Mandrake 8.2 ppc
MandrakeSoft Linux Mandrake 9.0
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.2
RedHat Linux 7.0
RedHat Linux 7.0 alpha
RedHat Linux 7.0 i386
RedHat Linux 7.0 sparc
RedHat Linux 7.1
RedHat Linux 7.1 alpha
RedHat Linux 7.1 i386
RedHat Linux 7.1 ia64
S.u.S.E. Linux 7.0
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.2
SCO Open Server 5.0.4
SCO Open Server 5.0.5
SCO Open Server 5.0.6
SCO Open Server 5.0.6 a
SGI IRIX 6.5.7 f
SGI IRIX 6.5.7 m
SGI IRIX 6.5.8 f
SGI IRIX 6.5.8 m
SGI IRIX 6.5.9 f
SGI IRIX 6.5.9 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.11 m
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.15 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.16 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.17 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.18 m
SGI IRIX 6.5.19
Slackware Linux -current
Slackware Linux 7.1
Slackware Linux 8.0
Slackware Linux 8.1

Components Affected
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Compaq Tru64 4.0 d PK9 (BL17)
Compaq Tru64 4.0 d
Compaq Tru64 4.0 b
Compaq Tru64 5.0 f
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 5.0 PK4 (BL18)
Compaq Tru64 5.0 PK4 (BL17)
Compaq Tru64 5.0
Compaq Tru64 5.1 b PK1 (BL1)
Compaq Tru64 5.1 b
Compaq Tru64 5.1 a PK3 (BL3)
Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a
Compaq Tru64 5.1 PK6 (BL20)
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
HP HP-UX 10.0 1
HP HP-UX 10.0
HP HP-UX 10.1 0
HP HP-UX 10.8
HP HP-UX 10.9
HP HP-UX 10.10
HP HP-UX 10.16
HP HP-UX 10.20 SIS
HP HP-UX 10.20 Series 800
HP HP-UX 10.20 Series 700
HP HP-UX 10.20
HP HP-UX 10.24
HP HP-UX 10.26
HP HP-UX 10.30
HP HP-UX 10.34
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 11.11
HP HP-UX 11.20
HP HP-UX 11.22
HP HP-UX (VVOS) 10.24
HP HP-UX (VVOS) 11.0 4
HP HP-UX (VVOS) 11.0.4
Sendmail Consortium Sendmail 8.9 .0
Sendmail Consortium Sendmail 8.9.1
Sendmail Consortium Sendmail 8.9.2
Sendmail Consortium Sendmail 8.9.3
Sendmail Consortium Sendmail 8.10
Sendmail Consortium Sendmail 8.10.1
Sendmail Consortium Sendmail 8.10.2
Sendmail Consortium Sendmail 8.11
Sendmail Consortium Sendmail 8.11.1
Sendmail Consortium Sendmail 8.11.2
Sendmail Consortium Sendmail 8.11.3
Sendmail Consortium Sendmail 8.11.4
Sendmail Consortium Sendmail 8.11.5
Sendmail Consortium Sendmail 8.11.6
Sendmail Consortium Sendmail 8.12 beta7
Sendmail Consortium Sendmail 8.12 beta5
Sendmail Consortium Sendmail 8.12 beta16
Sendmail Consortium Sendmail 8.12 beta12
Sendmail Consortium Sendmail 8.12 beta10
Sendmail Consortium Sendmail 8.12 .0
Sendmail Consortium Sendmail 8.12.1
Sendmail Consortium Sendmail 8.12.2
Sendmail Consortium Sendmail 8.12.3
Sendmail Consortium Sendmail 8.12.4
Sendmail Consortium Sendmail 8.12.5
Sendmail Consortium Sendmail 8.12.6
Sendmail Consortium Sendmail 8.12.7
Sendmail Consortium Sendmail 8.12.8
Sendmail Inc Sendmail for NT 2.6
Sendmail Inc Sendmail for NT 2.6.1
Sendmail Inc Sendmail for NT 2.6.2
Sendmail Inc Sendmail for NT 3.0
Sendmail Inc Sendmail for NT 3.0.1
Sendmail Inc Sendmail for NT 3.0.2
Sendmail Inc Sendmail for NT 3.0.3
Sendmail Inc Sendmail Switch 2.1
Sendmail Inc Sendmail Switch 2.1.1
Sendmail Inc Sendmail Switch 2.1.2
Sendmail Inc Sendmail Switch 2.1.3
Sendmail Inc Sendmail Switch 2.1.4
Sendmail Inc Sendmail Switch 2.1.5
Sendmail Inc Sendmail Switch 2.2
Sendmail Inc Sendmail Switch 2.2.1
Sendmail Inc Sendmail Switch 2.2.2
Sendmail Inc Sendmail Switch 2.2.3
Sendmail Inc Sendmail Switch 2.2.4
Sendmail Inc Sendmail Switch 2.2.5
Sendmail Inc Sendmail Switch 3.0
Sendmail Inc Sendmail Switch 3.0.1
Sendmail Inc Sendmail Switch 3.0.2
Sendmail Inc Sendmail Switch 3.0.3
Sun Solaris 2.4 _x86
Sun Solaris 2.4
Sun Solaris 2.5 _x86
Sun Solaris 2.5
Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1 _ppc
Sun Solaris 2.5.1
Sun Solaris 2.6 _x86
Sun Solaris 2.6
Sun Solaris 7.0 _x86
Sun Solaris 7.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Sun Solaris 9.0 _x86 Update 2
Sun Solaris 9.0 _x86
Sun Solaris 9.0

Recommendations
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Administrators should monitor system and IDS logs for anomalies. Crashes or abnormal termination of the sendmail service should also be flagged as suspicious events. Attacks would likely result in such occurrances.

Sendmail version 8.12.9 is not affected by this vulnerability. Affected users are advised to upgrade if possible. A source code patch for various versions is also available:



Compaq Tru64 4.0 g PK3 (BL17):
Compaq Tru64 4.0 g:
Compaq Tru64 4.0 f PK7 (BL18):
Compaq Tru64 4.0 f PK6 (BL17):
Compaq Tru64 4.0 f:
Compaq Tru64 4.0 d PK9 (BL17):
Compaq Tru64 4.0 d:
Compaq Tru64 4.0 b:
Compaq Tru64 5.0 f:
Compaq Tru64 5.0 a PK3 (BL17):
Compaq Tru64 5.0 a:
Compaq Tru64 5.0 PK4 (BL18):
Compaq Tru64 5.0 PK4 (BL17):
Compaq Tru64 5.0:
Compaq Tru64 5.1 b PK1 (BL1):
Compaq Tru64 5.1 b:
Compaq Tru64 5.1 a PK3 (BL3):
Compaq Tru64 5.1 a PK2 (BL2):
Compaq Tru64 5.1 a PK1 (BL1):
Compaq Tru64 5.1 a:
Compaq Tru64 5.1 PK6 (BL20):
Compaq Tru64 5.1 PK5 (BL19):
Compaq Tru64 5.1 PK4 (BL18):
Compaq Tru64 5.1 PK3 (BL17):
Compaq Tru64 5.1:
HP HP-UX 10.0 1:
HP HP-UX 10.0:
HP HP-UX 10.1 0:
HP HP-UX 10.8:
HP HP-UX 10.9:
HP HP-UX 10.10:
HP HP-UX 10.16:
HP HP-UX 10.20 SIS:
HP HP-UX 10.20 Series 800:
HP HP-UX 10.20 Series 700:
HP HP-UX 10.20:
HP HP-UX 10.24:
HP HP-UX 10.26:
HP HP-UX 10.30:
HP HP-UX 10.34:
HP HP-UX 11.0 4:
HP HP-UX 11.0:
HP HP-UX 11.11:
HP HP-UX 11.20:
HP HP-UX 11.22:
HP HP-UX (VVOS) 10.24:
HP HP-UX (VVOS) 11.0 4:
HP HP-UX (VVOS) 11.0.4:
Sendmail Consortium Sendmail 8.9 .0:

Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
Sendmail Consortium Patch prescan.tar.gz.uu
ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu

Sendmail Consortium Sendmail 8.9.1:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.9.2:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.9.3:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
Sendmail Consortium Patch prescan.tar.gz.uu
ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu

Sendmail Consortium Sendmail 8.10:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.10.1:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.10.2:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.11:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
Sendmail Consortium Patch prescan.tar.gz.uu
ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu

Sendmail Consortium Sendmail 8.11.1:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.11.2:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.11.3:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.11.4:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.11.5:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.11.6:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
Sendmail Consortium Patch prescan.tar.gz.uu
ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu

Sendmail Consortium Sendmail 8.12 beta7:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12 beta5:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12 beta16:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12 beta12:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12 beta10:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12 .0:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
Sendmail Consortium Patch prescan.tar.gz.uu
ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu

Sendmail Consortium Sendmail 8.12.1:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.2:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.3:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.4:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.5:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.6:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.7:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.8:
Sendmail Consortium Upgrade sendmail.8.12.9.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
Sendmail Consortium Patch prescan.tar.gz.uu
ftp://ftp.sendmail.org/pub/sendmail/prescan.tar.gz.uu

Sendmail Inc Sendmail for NT 2.6:
Sendmail Inc Sendmail for NT 2.6.1:
Sendmail Inc Sendmail for NT 2.6.2:
Sendmail Inc Sendmail for NT 3.0:
Sendmail Inc Sendmail for NT 3.0.1:
Sendmail Inc Sendmail for NT 3.0.2:
Sendmail Inc Sendmail for NT 3.0.3:
Sendmail Inc Sendmail Switch 2.1:
Sendmail Inc Sendmail Switch 2.1.1:
Sendmail Inc Sendmail Switch 2.1.2:
Sendmail Inc Sendmail Switch 2.1.3:
Sendmail Inc Sendmail Switch 2.1.4:
Sendmail Inc Sendmail Switch 2.1.5:
Sendmail Inc Sendmail Switch 2.2:
Sendmail Inc Sendmail Switch 2.2.1:
Sendmail Inc Sendmail Switch 2.2.2:
Sendmail Inc Sendmail Switch 2.2.3:
Sendmail Inc Sendmail Switch 2.2.4:
Sendmail Inc Sendmail Switch 2.2.5:
Sendmail Inc Sendmail Switch 3.0:
Sendmail Inc Sendmail Switch 3.0.1:
Sendmail Inc Sendmail Switch 3.0.2:
Sendmail Inc Sendmail Switch 3.0.3:
Sun Solaris 2.4 _x86:
Sun Solaris 2.4:
Sun Solaris 2.5 _x86:
Sun Solaris 2.5:
Sun Solaris 2.5.1 _x86:
Sun Solaris 2.5.1 _ppc:
Sun Solaris 2.5.1:
Sun Solaris 2.6 _x86:
Sun Solaris 2.6:
Sun Solaris 7.0 _x86:
Sun Solaris 7.0:
Sun Solaris 8.0 _x86:
Sun Solaris 8.0:
Sun Solaris 9.0 _x86 Update 2:
Sun Solaris 9.0 _x86:
Sun Solaris 9.0:

References
Source: CERT CA-2003-12 Buffer Overflow in Sendmail
URL: http://online.securityfocus.com/advisories/5191

Source: sendmail 8.12.9 available
URL: msg://bugtraq/20030329111948.C17695@zardoc.esmtp.org

Source: Sendmail: -1 gone wild
URL: msg://bugtraq/316773

Source: Sendmail Homepage
URL: http://www.sendmail.org/

Credits
Discovery credited to Michal Zalewski.


Copyright (c) 2003 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from symsecurity@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and SymSecurity are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.