• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Retired: Sendmail SM_SysLog Remote Memory Leak Denial Of Service Vulnerability

Sendmail is prone to a remote denial-of-service vulnerability. The application fails to properly free allocated memory regions when it is finished with them.

Remote attackers may leverage this issue to consume excessive memory, eventually crashing the application. This will deny further email service to legitimate users.

Sendmail versions prior to 8.13.6 are vulnerable to this issue.

** Update: Due to further analysis and details from the vendor, this BID is retired. Since the memory buffer that was documented as not being freed is a local variable, this is not a vulnerability.