Vulnerability Details

Sendmail DNS Map TXT Record Remote Buffer Overflow Vulnerability

Vulnerability Summary

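Sendmail is a free, open-source mail transfer agent that runs on many Unix and Linux operating systems.

The DNS-handling code in Sendmail does not properly check data returned by a name server. A remote attacker can exploit this to cause a buffer overflow and may be able to execute arbitrary commands on the system with the privileges of the Sendmail process.

When Sendmail maps an address using the TXT query type, it does not properly check the data returned by the name server. An attacker can forge the name server's response and send an overly long string to the mail server, which overflows a buffer in sendmail; a carefully crafted response may allow arbitrary commands to be executed with the privileges of the sendmail process.

Because this code is not used by any default sendmail configuration, the vulnerability is rated low severity. If you use a custom DNS map definition to query DNS TXT records, such as:

    Kdnstxt dns -R TXT

then you must upgrade to version 8.12.5.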
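One way to check a host for the condition described above, as an added example that is not part of the original advisory or of Sendmail's own tooling: it looks for K lines in a sendmail.cf that declare a dns map with -R TXT and compares a supplied version with 8.12.5. The function names, the "-RTXT" spelling and treating every version before 8.12.5 as needing the upgrade are assumptions, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: does this host meet the advisory's upgrade condition?

# Print K lines that declare a map of class "dns" with lookup type TXT.
# Assumption: the type flag is written "-R TXT" or "-RTXT".
find_dns_txt_maps() {
    grep -E '^K[^[:space:]]+[[:space:]]+dns[[:space:]](.*[[:space:]])?-R[[:space:]]*TXT([[:space:]]|$)' "$1"
}

# Exit 0 when dotted version $1 is older than 8.12.5 (missing fields count as 0).
older_than_fixed() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 8 ] && return 0
    [ "$major" -gt 8 ] && return 1
    [ "$minor" -lt 12 ] && return 0
    [ "$minor" -gt 12 ] && return 1
    [ "$patch" -lt 5 ]
}

# Exit 0 only when a dns TXT map is configured AND the version predates 8.12.5.
# usage: needs_upgrade <path to sendmail.cf> <sendmail version>
needs_upgrade() {
    maps=$(find_dns_txt_maps "$1") || { echo "no dns TXT map in $1"; return 1; }
    echo "dns TXT map defined: $maps"
    if older_than_fixed "$2"; then
        echo "version $2 predates 8.12.5: upgrade required"
        return 0
    fi
    echo "version $2 already contains the fix"
    return 1
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'Kmx dns -R MX' '#Kold dns -R TXT' 'Kdnstxt dns -R TXT' > "$sample"
needs_upgrade "$sample" 8.12.4
```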

Vulnerability Advisory

Vendor patch:

Sendmail Consortium
-------------------
The vendor has fixed this security issue in the new 8.12.5 release. Download it from the vendor's site:

Sendmail Consortium Sendmail 8.11:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.1:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.2:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.3:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.4:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.5:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.11.6:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.1:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.2:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.3:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

Sendmail Consortium Sendmail 8.12.4:

Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz

References

Source: US-CERT Vulnerability Note: VU#814627
Name: VU#814627
Link: http://www.kb.cert.org/vuls/id/814627

Source: XF
Name: sendmail-dns-txt-bo(9443)
Link: http://www.iss.net/security_center/static/9443.php

Source: www.sendmail.org
Link: http://www.sendmail.org/8.12.5.html

Source: BID
Name: 5122
Link: http://www.securityfocus.com/bid/5122

Source: US Government Resource: oval:org.mitre.oval:def:2183
Name: oval:org.mitre.oval:def:2183
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2183

Patches

    None available
