Sendmail Security!!

Eduardo Andre edu at ICARUS.COM.BR
Wed Aug 27 17:27:47 IST 2003


Problem Description:

A vulnerability was discovered in all 8.12.x versions of sendmail up to
and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T
structures, if sendmail receives a bad DNS reply it will call free() on
random addresses which usually causes sendmail to crash.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0688
http://www.sendmail.org/dnsmap1.html
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/54367

Regards,

Eduardo
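
The bug class described in the advisory above, shown in its hardened form as an added C example (not code from this post or from sendmail). The `rr_t` type, its field names and the length-prefixed wire format are hypothetical stand-ins for `RESOURCE_RECORD_T` and a DNS reply. The record is zero-initialised at allocation, so the cleanup path taken on a malformed reply only ever calls free() on NULL or on pointers the parser set.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type; not sendmail's RESOURCE_RECORD_T. */
typedef struct rr {
    char *name;
    unsigned char *data;
    struct rr *next;
} rr_t;

/* Error-path cleanup: frees every pointer field of every record. */
static void rr_free_list(rr_t *head) {
    while (head != NULL) {
        rr_t *next = head->next;
        free(head->name);   /* free(NULL) is a no-op; free(garbage) is not */
        free(head->data);
        free(head);
        head = next;
    }
}

/* Copy one length-prefixed field out of buf, advancing *off; NULL if truncated. */
static void *take_field(const unsigned char *buf, size_t len, size_t *off) {
    if (*off >= len) return NULL;
    size_t n = buf[(*off)++];
    if (n > len - *off) return NULL;
    unsigned char *p = calloc(n + 1, 1);
    if (p != NULL) { memcpy(p, buf + *off, n); *off += n; }
    return p;
}

/* Constructed format: repeated [len][name][len][data]. Returns count, or -1 if malformed. */
int parse_reply(const unsigned char *buf, size_t len) {
    rr_t *head = NULL;
    size_t off = 0;
    int count = 0;
    while (off < len) {
        /* calloc, not malloc: the record is linked in before its fields are set. */
        rr_t *r = calloc(1, sizeof(*r));
        if (r == NULL) { rr_free_list(head); return -1; }
        r->next = head;
        head = r;
        if ((r->name = take_field(buf, len, &off)) == NULL ||
            (r->data = take_field(buf, len, &off)) == NULL) {
            rr_free_list(head);   /* bad reply: fields may still be unset here */
            return -1;
        }
        count++;
    }
    rr_free_list(head);
    return count;
}
```

With `malloc` in place of `calloc`, the truncated-name case would reach `rr_free_list` with `name` and `data` holding whatever the allocator returned, which is the crash condition the advisory describes.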


