Sendmail DNS Maps Remote Denial of Service Vulnerability
A potential vulnerability has been discovered in Sendmail 8.12.x versions prior to 8.12.9 when DNS maps are in use. Sendmail fails to properly initialize dynamically allocated data, which may be referenced at a later time when freeing memory. The problem occurs when an invalid DNS reply is returned, specifically one whose size differs from the size announced. This causes Sendmail to enter a routine designed to free the final object from a list of the uninitialized structures. The structures are traversed until a NULL pointer is detected; however, due to the incorrect initialization, the structures may contain garbage data, potentially triggering a call to free() on random data. This would effectively result in Sendmail dereferencing invalid data, causing it to crash. Theoretically, if this data were to be controlled by an attacker at some point during execution, it may be possible to exploit this issue to execute arbitrary code. This, however, has not been confirmed.
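The bug class described above, as an added C example that is not Sendmail's source code: a node allocated without initialization reaches a free-until-NULL cleanup walk when the reply size does not match the announced size, and the same path is harmless once the node is zeroed at allocation. The names `struct rr`, `rr_alloc`, `rr_free_list` and `handle_reply`, the one-byte length prefix and the 0xA5 fill are constructed for illustration; zeroing with calloc() is shown as one way to initialize, not as the change made in 8.12.9.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical record node for illustration; not Sendmail's structure. */
struct rr { struct rr *next; char *data; };

/* Demo guard: 0xA5 bytes stand in for stale heap contents, so the walker
 * can report a garbage pointer instead of actually using it. */
static int is_garbage(const void *field) {
    unsigned char pat[sizeof(void *)];
    memset(pat, 0xA5, sizeof pat);
    return memcmp(field, pat, sizeof pat) == 0;
}

/* calloc() starts next/data as NULL; malloc() leaves them indeterminate. */
static struct rr *rr_alloc(int hardened) {
    struct rr *r = hardened ? calloc(1, sizeof *r) : malloc(sizeof *r);
    if (r && !hardened) memset(r, 0xA5, sizeof *r); /* model the garbage */
    return r;
}

/* Cleanup walk: free nodes until NULL. Returns nodes freed, or -1 where
 * real code would have passed an uninitialized pointer to free(). */
static int rr_free_list(struct rr *r) {
    int freed = 0;
    while (r != NULL) {
        if (is_garbage(&r->next) || is_garbage(&r->data)) { free(r); return -1; }
        struct rr *next = r->next;
        free(r->data); free(r);
        freed++; r = next;
    }
    return freed;
}

/* Constructed reply format: byte 0 announces the payload length. */
static int handle_reply(const unsigned char *buf, size_t len, int hardened) {
    struct rr *r = rr_alloc(hardened);
    if (r == NULL || len == 0) { free(r); return 0; }
    if ((size_t)buf[0] == len - 1) {        /* size matches: fill the node */
        r->next = NULL; r->data = malloc(len);
        if (r->data) { memcpy(r->data, buf + 1, len - 1); r->data[len - 1] = '\0'; }
    }                                       /* mismatch: fields stay unset */
    return rr_free_list(r);
}

int main(void) {
    const unsigned char bad[] = { 9, 'a', 'b', 'c' }; /* announces 9, has 3 */
    printf("malloc: %d, calloc: %d\n", handle_reply(bad, 4, 0), handle_reply(bad, 4, 1));
}
```

A return of -1 marks the point where an unguarded walk would call free() on uninitialized bytes; building the unguarded form with AddressSanitizer or running it under Valgrind surfaces the same condition in real code.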