The well-known and widely used MTA sendmail is vulnerable to a remote denial-of-service attack in versions 8.12 through 8.12.8 (releases before 8.12 are not affected). The bug exists in the DNS map code. This feature is enabled by specifying FEATURE(`enhdnsbl'). When sendmail receives an invalid DNS response, it tries to call free(3) on random data, which results in a process crash.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 8.1 | i586 | sendmail | < 8.12.6-147 | sendmail-8.12.6-147.i586.rpm |
openSUSE | 8.0 | i386 | uucp | < 1.06.1-931 | uucp-1.06.1-931.i386.rpm |
openSUSE | 8.1 | i586 | uucp | < 1.06.1-931 | uucp-1.06.1-931.i586.rpm |
openSUSE | 8.2 | i586 | uucp | < 1.06.1-931 | uucp-1.06.1-931.i586.rpm |
openSUSE | 8.0 | i386 | sendmail | < 8.12.3-76 | sendmail-8.12.3-76.i386.rpm |
openSUSE | 8.2 | i586 | sendmail | < 8.12.7-73 | sendmail-8.12.7-73.i586.rpm |
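The following exposure check is an added example, not part of the advisory: it reports whether a host both enables FEATURE(`enhdnsbl') in its .mc file and runs a sendmail build older than the one listed in the table above. The function names, the sample .mc content and the installed version are constructed for illustration, and the version comparison assumes purely numeric fields rather than reproducing rpm's own algorithm.

```shell
# Added example: exposure check for the enhdnsbl DNS-map crash described above.

# True (0) when FEATURE(`enhdnsbl') is active in the given .mc file.
# m4 discards everything after a standalone "dnl" token, so strip that first.
enhdnsbl_enabled() {
    sed -E 's/(^|[^[:alnum:]_])dnl([^[:alnum:]_]|$).*/\1/' "$1" |
        grep -Eq 'FEATURE\([^[:alnum:]]*enhdnsbl[^[:alnum:]_]'
}

# True (0) when version-release $1 is older than $2.
# Assumption: numeric fields separated by "." or "-", as in the advisory table.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# First non-affected sendmail build per OS version, copied from the table.
fixed_build() {
    case "$1" in
        8.0) echo 8.12.3-76 ;;
        8.1) echo 8.12.6-147 ;;
        8.2) echo 8.12.7-73 ;;
        *) return 1 ;;
    esac
}

# Args: mc-file os-version installed-version-release
# Prints one of: exposed | patched | feature-off | unknown-os
check_exposure() {
    fixed=$(fixed_build "$2") || { echo unknown-os; return 0; }
    if ! enhdnsbl_enabled "$1"; then echo feature-off
    elif ver_lt "$3" "$fixed"; then echo exposed
    else echo patched
    fi
}

# Constructed sample .mc (not from a real host): one disabled line, one live.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl FEATURE(`enhdnsbl', `old.bl.example')dnl
FEATURE(`enhdnsbl', `bl.example.net')dnl
EOF
check_exposure "$sample" 8.1 8.12.6-98   # constructed installed version
```

On a real host the third argument would come from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' sendmail`.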