{"vuid":"VU#814627","idnumber":"814627","name":"Sendmail vulnerable to buffer overflow when DNS map is specified using TXT records","keywords":["Sendmail","buffer overflow","DNS map","TXT record","CAN-2002-0906","maps"],"overview":"A remotely exploitable buffer overflow exists in Sendmail, versions 8.12.0 through 8.12.4. This vulnerability only exhibits itself if you have modified the configuration file to look up TXT records in DNS.","clean_desc":"The buffer overflow occurs in the portion of code that process responses from DNS servers. Please note that the Sendmail Consortium has indicated that this vulnerability is not present in the standard Sendmail distribution because the option that can trigger the exposure is not enabled. For more details, please see the Sendmail announcement.","impact":"A remote attacker may be able to execute arbitrary code with the privileges of the Sendmail daemon, typically root. Note that there is no known exploit for this vulnerability.","resolution":"Upgrade to Sendmail 8.12.5 or apply the appropriate vendor-supplied patch.","workarounds":"","sysaffected":"","thanks":"The CERT/CC thanks Eric Allman and Gregory Shapiro for helping us construct this document.","author":"This document was written by Ian A Finlay and Jeffrey Havrilla.","public":["http://www.sendmail.org/8.12.5.html","http://www.securityfocus.com/bid/5122","http://secunia.com/advisories/13436/","http://sunsolve.sun.com/search/document.do?assetkey=1-26-57696-1"],"cveids":["CVE-2002-0906"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-06-28T12:05:49Z","publicdate":"2002-06-25T00:00:00Z","datefirstpublished":"2002-06-28T17:24:05Z","dateupdated":"2004-12-20T16:24:16Z","revision":33,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"17","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"8","cam_attackeraccessrequired":"15","cam_scorecurrent":"28.35","cam_scorecurrentwidelyknown":"31.725","cam_scorecurrentwidelyknownexploited":"38.475","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":28.35,"vulnote":null}