CVE-2003-0688 - The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properl

CVE-2003-0688

Summary

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

References

Vulnerable Configurations

cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_cf:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_cf:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_doc:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_doc:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_cf:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_cf:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_doc:*:*:*:*:*
cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_doc:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*
cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*
cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*
cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*
cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2010-09-20T04:00:31.764-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security
name Jonathan Baker
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:597

status

accepted

submitted

2003-09-05T12:00:00.000-04:00

title

Denial of Service in Sendmail via the enhdnsbl Feature

version

redhat via4

advisories

rhsa

id	RHSA-2003:265

refmap via4

cert-vn	VU#993452
conectiva	CLA-2003:727
confirm	http://www.sendmail.org/dnsmap1.html
freebsd	FreeBSD-SA-03:11
mandrake	MDKSA-2003:086
sgi	20030803-01-P
suse	SuSE-SA:2003:035

Last major update

03-05-2018 - 01:29

Published

20-10-2003 - 04:00

Last modified

03-05-2018 - 01:29