• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sendmail DNS Maps Remote Denial of Service Vulnerability

Solution:
Red Hat has released an advisory (RHSA-2003:265-01) to address this issue. See referenced advisory for further detail regarding applying fixes.

SGI has released a security advisory containing a patch to address this issue in IRIX 6.5.19 - 6.5.21.

A patch haS been released for OpenBSD 3.2, however OpenBSD 3.3 was distributed with Sendmail 8.12.9 and therefore is not affected.

A patch has been released by FreeBSD to address this issue. It has been confirmed to work on FreeBSD 5.0, 4.8, 4.7, and 4.6 systems. Additional details regarding RELENG releases, and other fixed releases can be found in the attached FreeBSD advisory.

Mandrake Linux has released a security advisory containing fixes to address this issue.

Conectiva has released a security advisory (CLA-2003:727) that includes fixes to address this issue.

SOTLinux has released a security advisory (SLSA-2003:39) that includes fixed to address this issue.

HP has released a security bulletin (SSRT3612) for Tru64 UNIX that includes fixes for Sendmail. Please see the attached advisory for details on obtaining and applying fixes. It should be noted that this bulletin has been revised to state that Sendmail versions shipped with Tru64 UNIX 5.1A and 5.1B are not affected by this vulnerability.

This issue has been addressed in Sendmail 8.12.9 and users are urged to upgrade as soon as possible.


OpenBSD OpenBSD 3.2

• OpenBSD 016_sendmail.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/016_sendmail.patc h

RedHat sendmail-8.12.5-7.i386.rpm

• Red Hat sendmail-8.12.8-6.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/sendmail-8.12.8-6.80.i386.rpm

RedHat sendmail-devel-8.12.8-4.i386.rpm

• Red Hat sendmail-devel-8.12.8-6.90.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/sendmail-devel-8.12.8-6.90.i386. rpm

RedHat sendmail-doc-8.12.8-4.i386.rpm

• Red Hat sendmail-doc-8.12.8-6.90.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/sendmail-doc-8.12.8-6.90.i386.rp m

RedHat sendmail-doc-8.12.5-7.i386.rpm

• Red Hat sendmail-doc-8.12.8-6.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/sendmail-doc-8.12.8-6.80.i386. rpm

RedHat sendmail-cf-8.12.5-7.i386.rpm

• Red Hat sendmail-cf-8.12.8-6.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/sendmail-cf-8.12.8-6.80.i386.r pm

RedHat sendmail-cf-8.12.8-4.i386.rpm

• Red Hat sendmail-cf-8.12.8-6.90.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/sendmail-cf-8.12.8-6.90.i386.rpm

RedHat sendmail-devel-8.12.5-7.i386.rpm

• Red Hat sendmail-devel-8.12.8-6.80.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/sendmail-devel-8.12.8-6.80.i38 6.rpm

RedHat sendmail-8.12.8-4.i386.rpm

• Red Hat sendmail-8.12.8-6.90.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/sendmail-8.12.8-6.90.i386.rpm

FreeBSD FreeBSD 4.6

• FreeBSD sendmail.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch

FreeBSD FreeBSD 4.7

• FreeBSD sendmail.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch

FreeBSD FreeBSD 4.8

• FreeBSD sendmail.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch

FreeBSD FreeBSD 5.0

• FreeBSD sendmail.patch
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch

SGI IRIX 6.5.19

• SGI patch5287.tar
  ftp://patches.sgi.com/support/free/security/patches/

SGI IRIX 6.5.20

• SGI patch5287.tar
  ftp://patches.sgi.com/support/free/security/patches/

SGI IRIX 6.5.21

• SGI patch5287.tar
  ftp://patches.sgi.com/support/free/security/patches/

Sendmail Consortium Sendmail 8.12.1

• Mandrake sendmail-8.12.1-4.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.1-4.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.1-4.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.1-4.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-8.12.1-4.4mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.1-4.4mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.1-4.4mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.1-4.4mdk.ppc.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.2

• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.3

• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz


• SuSE sendmail-8.12.3-76.i386.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/sendmail-8.12.3-76.i386 .patch.rpm


• SuSE uucp-1.06.1-931.i386.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/uucp-1.06.1-931.i386.pa tch.rpm


• SuSE uucp-1.06.1-931.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/uucp-1.06.1-931.i 586.patch.rpm


• SuSE sendmail-8.12.3-76.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/sendmail-8.12.3-76.i386 .rpm


• SuSE uucp-1.06.1-931.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/uucp-1.06.1-931.i386.rp m

Sendmail Consortium Sendmail 8.12.4

• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.5

• Conectiva sendmail-8.12.5-26986U90_2cl.i386.rpm
  tp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-8.12.5-26986U90_2cl .i386.rpm


• Conectiva sendmail-cf-8.12.5-26986U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-cf-8.12.5-26986U90 _2cl.i386.rpm


• Conectiva sendmail-doc-8.12.5-26986U90_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/sendmail-doc-8.12.5-26986U9 0_2cl.i386.rpm


• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz

Sendmail Consortium Sendmail 8.12.6

• Mandrake sendmail-8.12.6-3.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-8.12.6-3.4mdk.x86_64.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.6-3.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.6-3.4mdk.x86_64.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.6-3.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.6-3.4mdk.x86_64.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.6-3.4mdk.i586.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.6-3.4mdk.x86_64.rpm
  http://www.mandrakesecure.net/en/ftp.php


• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz


• SuSE sendmail-8.12.6-147.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-8.12.6-1 47.i586.patch.rpm


• SuSE uucp-1.06.1-931.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/uucp-1.06.1-931.i 586.patch.rpm


• SuSE uucp-1.06.1-931.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/uucp-1.06.1-931.i 586.patch.rpm


• SuSE sendmail-8.12.6-147.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/sendmail-8.12.6-1 47.i586.rpm


• SuSE uucp-1.06.1-931.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/uucp-1.06.1-931.i 586.rpm

Sendmail Consortium Sendmail 8.12.7

• OpenPKG sendmail-8.12.7-1.2.3.src.rpm
  ftp://ftp.openpkg.org/release/1.2/UPD/sendmail-8.12.7-1.2.3.src.rpm


• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz


• SOTLinux sendmail-8.12.7-2.i386.rpm
  ftp://ftp.sot.com/updates/2003/Desktop/i386/sendmail-8.12.7-2.i386.rpm


• SOTLinux sendmail-8.12.7-2.i386.rpm
  ftp://ftp.sot.com/updates/2003/Server/i386/sendmail-8.12.7-2.i386.rpm


• SuSE sendmail-8.12.7-73.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-8.12.7-7 3.i586.patch.rpm


• SuSE uucp-1.06.1-931.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/uucp-1.06.1-931.i 586.patch.rpm


• SuSE sendmail-8.12.7-73.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sendmail-8.12.7-7 3.i586.rpm


• SuSE uucp-1.06.1-931.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/uucp-1.06.1-931.i 586.rpm

Sendmail Consortium Sendmail 8.12.8

• Sendmail Consortium sendmail.8.12.9.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz