首页 -> 安全研究
安全研究
安全漏洞
Sendmail DNS映射TXT记录远程缓冲区溢出漏洞
发布日期:2002-06-28
更新日期:2002-07-04
受影响系统:
Sendmail Consortium Sendmail 8.12.4不受影响系统:
Sendmail Consortium Sendmail 8.12.3
Sendmail Consortium Sendmail 8.12.2
Sendmail Consortium Sendmail 8.12.1
Sendmail Consortium Sendmail 8.12
Sendmail Consortium Sendmail 8.11.6
Sendmail Consortium Sendmail 8.11.5
Sendmail Consortium Sendmail 8.11.4
Sendmail Consortium Sendmail 8.11.3
Sendmail Consortium Sendmail 8.11.2
Sendmail Consortium Sendmail 8.11.1
Sendmail Consortium Sendmail 8.11
Sendmail Consortium Sendmail 8.12.5描述:
BUGTRAQ ID: 5122
CVE(CAN) ID: CVE-2002-0906
Sendmail是一款免费开放源代码的邮件传输代理,可使用在多种Unix和Linux操作系统下。
Sendmail中处理DNS部分代码没有很好的检查名字服务器返回的数据,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以Sendmail进程的权限在系统上执行任意指令。
Sendmail在尝试使用TXT查询类型映射地址的时候没有很好的检查由名字服务器返回的数据,攻击者可以伪造名字服务器返回信息发送超长的字符串给邮件服务器,可导致sendmail产生缓冲区溢出,精心构建返回数据可能以sendmail进程的权限在系统上执行任意命令。
这个漏洞由于此部分处理代码没有被任何默认sendmail配置所使用,所以此漏洞等级为低,如果你使用定制的DNS映射定义来查询DNS TXT记录如:
Kdnstxt dns -R TXT
那么你必须升级到8.12.5版本。
<*来源:Anton Rang
Joost Pol (joost@pine.nl)
链接:http://www.sendmail.org/8.12.5.html
*>
建议:
厂商补丁:
Sendmail Consortium
-------------------
目前厂商已经在新版的8.12.5版的软件中修复了这个安全问题,请到厂商的主页下载:
Sendmail Consortium Sendmail 8.11:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.1:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.2:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.3:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.4:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.5:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.6:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.1:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.2:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.3:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.4:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
浏览次数:4123
严重程度:0(网友投票)
绿盟科技给您安全的保障