• info
• discussion
• exploit
• solution
• references

Sendmail Ruleset Parsing Buffer Overflow Vulnerability

Solution:
The vendor has released Sendmail 8.12.10 to address this issue. Please see the references for more information.


HP HP-UX B.11.23

• HP PHNE_35485
  http://itrc.hp.com

HP HP-UX B.11.11

• HP PHNE_35484
  http://itrc.hp.com

HP HP-UX B.11.00

• HP PHNE_35483
  http://itrc.hp.com

OpenBSD OpenBSD 3.2

• OpenBSD 018_sendmail.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patc h

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.2-16620.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 2-16620.pkg

HP HP-UX 11.0 4

• HP sendmail.893.11.00.r4.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.893.11.00.r4.gz

HP HP-UX 11.11

• HP sendmail.811.11.11.r4.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.811.11.11.r4.gz


• HP sendmail.811.11.22.r5.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.811.11.22.r5.gz


• HP sendmail_893.11.11.r4.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail_893.11.11.r4.gz

HP HP-UX 11.22

• HP sendmail.811.11.22.r5.gz
  ftp://sendmail:sendmail@hprc.external.hp.com/sendmail.811.11.22.r5.gz

Sendmail Consortium Sendmail 8.10

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.10.1

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.10.2

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html


• Sun RaQ4-All-Security-2.0.2-16620.pkg
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 2-16620.pkg


• Sun Qube3-All-Security-4.0.1-16620.pkg
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16620.pkg


• Sun RaQXTR-All-Security-1.0.1-16620.pkg
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16620.pkg

Sendmail Consortium Sendmail 8.11

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.2

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.3

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.4

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html


• TurboLinux sendmail-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/sendmail-8.11.6-12.i586.rpm


• TurboLinux sendmail-cf-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm


• TurboLinux sendmail-doc-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm

Sendmail Consortium Sendmail 8.11.5

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.11.6

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html


• TurboLinux sendmail-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/sendmail-8.11.6-12.i586.rpm


• TurboLinux sendmail-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/sendmail-8.11.6-12.i586.rpm


• TurboLinux sendmail-cf-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/sendmail-cf-8.11.6-12.i586.rpm


• TurboLinux sendmail-cf-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/sendmail-cf-8.11.6-12.i586.rpm


• TurboLinux sendmail-doc-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/sendmail-doc-8.11.6-12.i586.rpm


• TurboLinux sendmail-doc-8.11.6-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/sendmail-doc-8.11.6-12.i586.rpm

Sendmail Consortium Sendmail 8.12 beta12

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.12 beta5

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.12.1

• Mandrake sendmail-8.12.1-4.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.1-4.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.1-4.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.1-4.5mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.12.3

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.12.4

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.12.7

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.12.8

• Mandrake sendmail-8.12.9-1.2mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-8.12.9-1.2mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.9-1.2mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-cf-8.12.9-1.2mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.9-1.2mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-devel-8.12.9-1.2mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.9-1.2mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sendmail-doc-8.12.9-1.2mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.9 .0

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.9.2

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html

Sendmail Consortium Sendmail 8.9.3

• Sendmail Consortium Sendmail 8.12.10
  http://www.sendmail.org/8.12.10.html


• TurboLinux sendmail-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServ er/6/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm


• TurboLinux sendmail-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/j a/updates/RPMS/sendmail-8.9.3-31.i386.rpm


• TurboLinux sendmail-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/u pdates/RPMS/sendmail-8.9.3-31.i386.rpm


• TurboLinux sendmail-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 6.0/ja/updates/RPMS/sendmail-8.9.3-31.i386.rpm


• TurboLinux sendmail-cf-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServ er/6/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm


• TurboLinux sendmail-cf-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/j a/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm


• TurboLinux sendmail-cf-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/u pdates/RPMS/sendmail-cf-8.9.3-31.i386.rpm


• TurboLinux sendmail-cf-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 6.0/ja/updates/RPMS/sendmail-cf-8.9.3-31.i386.rpm


• TurboLinux sendmail-doc-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/AdvancedServ er/6/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm


• TurboLinux sendmail-doc-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.1/j a/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm


• TurboLinux sendmail-doc-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/6.5/u pdates/RPMS/sendmail-doc-8.9.3-31.i386.rpm


• TurboLinux sendmail-doc-8.9.3-31.i386.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 6.0/ja/updates/RPMS/sendmail-doc-8.9.3-31.i386.rpm