|
||||||||||||||||
|
||||||||||||||||
|
| |||||||||||||||
|
||||||||||||||||
|
||||||||||||||||
|
|
 |
| |
|
| |
| |
|
|
|
|
|
|
|
áòèé÷ :: Security-alerts |
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [security-alerts] FW: [SA15779] Sendmail Multi-Part MIME Message Handling Denial of Service
> > TITLE: > Sendmail Multi-Part MIME Message Handling Denial of Service > > SECUNIA ADVISORY ID: > SA15779 > > VERIFY ADVISORY: > > > CRITICAL: > Moderately critical > > IMPACT: > DoS > > WHERE: > From remote > > OPERATING SYSTEM: > Sendmail Sentrion 1.x > > > SOFTWARE: > Sendmail 8.x > > Sendmail Message Store/SAMS 1.x > > Sendmail Message Store/SAMS 2.x > > Sendmail Switch 2.x > > Sendmail Switch 3.x > > Intelligent Quarantine 3.x > > > DESCRIPTION: > A vulnerability has been reported in Sendmail, which can be exploited > by malicious people to cause a DoS (Denial of Service). > > The vulnerability is cause due to an error in the termination of the > recursive "mime8to7()" function when performing MIME conversions. > This can be exploited to cause a certain sendmail process to crash > when it runs out of stack space while processing a deeply nested > malformed MIME message. > > Successful exploitation causes the delivery of other queued messages > to fail or causes the generated core dump files to fill up available > disk space. > > The vulnerability has been reported in version 8.13.6 and prior. > > SOLUTION: > Update to version 8.13.7. > > Users of the commercial products should see the patch matrix in the > vendor advisory for details. > > PROVIDED AND/OR DISCOVERED BY: > The vendor credits Frank Sheiness. > > ORIGINAL ADVISORY: > Sendmail.org: > > > Sendmail.com: > >
|