{"vuid":"VU#108964","idnumber":"108964","name":"Sendmail contains buffer overflow in ruleset parsing","keywords":["Sendmail","buffer overflow","ruleset parsing"],"overview":"Sendmail contains a buffer overflow vulnerability in the code that parses rulesets. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. This vulnerability does not affect the default configuration.","clean_desc":"Sendmail is a widely used mail transfer agent (MTA). There is a buffer overflow vulnerability in the code that parses rulesets. A system is vulnerable if it is configured to use the non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients. This is a different vulnerability than the one described in CA-2003-25/VU#784980.","impact":"Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system.","resolution":"This issue is resolved in Sendmail 8.12.10.Beta2. 
Download the commercial version from: http://www.sendmail.com/ or the open-source version from: http://www.sendmail.org/","workarounds":"","sysaffected":"","thanks":"Thanks to Timo Sirainen for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.sendmail.com","http://www.sendmail.org"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-07-03T19:49:35Z","publicdate":"2003-07-01T00:00:00Z","datefirstpublished":"2003-09-18T18:09:43Z","dateupdated":"2003-09-18T20:34:10Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"5","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"6.328125","cam_scorecurrentwidelyknown":"7.3828125","cam_scorecurrentwidelyknownexploited":"11.6015625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":6.328125,"vulnote":null}