Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: Sendmail Multi-Part MIME Message Handling Denial of Service vulnarability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sendmail Multi-Part MIME Message Handling Denial of Service vulnarability

The new Sendmail vulnerability reported and is cause due to an error in the termination of the recursive "mime8to7()" function when performing MIME conversions. It can be exploited to cause a certain sendmail process to crash when it runs out of stack space while processing a deeply nested malformed MIME message. It can be exploited by malicious people to cause a DoS (Denial of Service). You can apply patch or upgrade to 8.13.7 version.

Affected Version : 8.13.6 and prior.


The additional vulnerability information can be found following sites.
http://www.sendmail.org/releases/8.13.7.html
http://www.kb.cert.org/vuls/id/146718

Kevin

32 Posts

Sign Up for Free or Log In to start participating in the conversation!