Are IMGate users running Postfix adversely affected by the sendmail vulnerability?
Subject: Remote Sendmail Header Processing Vulnerability
March 3, 2003

SUMMARY:

The Department of Homeland Security (DHS), National Infrastructure Protection Center (NIPC) is issuing this advisory to heighten awareness of the recently discovered Remote Sendmail Header Processing Vulnerability (CAN-2002-1337). NIPC has been working closely with the industry on vulnerability awareness and information dissemination.

The Remote Sendmail Header Processing Vulnerability allows local and remote users to gain almost complete control of a vulnerable Sendmail server. Attackers gain the ability to execute privileged commands using super-user (root) access/control. This vulnerability can be exploited through a simple e-mail message containing malicious code. Sendmail is the most commonly used Mail Transfer Agent and processes an estimated 50 to 75 percent of all Internet e-mail traffic. System administrators should be aware that many Sendmail servers are not typically shielded by perimeter defense applications. A successful attacker could install malicious code, run destructive programs and modify or delete files.

Additionally, attackers may gain access to other systems thru a compromised Sendmail server, depending on local configurations. Sendmail versions 5.2 up to 8.12.8 are known to be vulnerable at this time.

DESCRIPTION:

The Remote Sendmail Header Processing Vulnerability is exploited during the processing and evaluation of e-mail header fields collected during an SMTP transaction. Examples of these header fields are the To, From and CC lines. The crackaddr() function in the Sendmail headers.c file allows Sendmail to evaluate whether a supplied address or list of addresses contained in the header fields is valid. Sendmail uses a static buffer to store processed data. It detects when the static buffer becomes full and stops adding characters. However, Sendmail continues processing data and several security checks are used to ensure that characters are parsed correctly.

The vulnerability allows a remote attacker to gain access to the Sendmail server by sending an e-mail containing a specially crafted address field which triggers a buffer overflow.

RECOMMENDATION:

Due to the seriousness of this vulnerability, the NIPC is strongly recommending that system administrators who employ Sendmail take this opportunity to review the security of their Sendmail software and to either upgrade to Sendmail 8.12.8 or apply the appropriate patch for older versions as soon as possible.

Patches for the vulnerability are available from Sendmail, from ISS who discovered the vulnerability and from vendors whose applications incorporate Sendmail code, including IBM, HP, SUN, Apple and SGI. Other vendors will release patches in the near future.

The primary distribution site for Sendmail is: http://www.sendmail.org

Patches and information are also available from the following sites:

The ISS Download center - http://www.iss.net/download
IBM Corporation - http://www.ibm.com/support/us/
Hewlett-Packard, Co. - http://www.hp.com
Silicon Graphics Inc. - http://www.sgigate.sgi.com
Apple Computer, Inc. - http://www.apple.com/
Sun Microsystems, Inc. - http://www.sun.com/service/support/
Common Vulnerabilities and Exposure (CVE) Project - http://CVE.mitre.org
