AERAsec Network Security

Sendmail  

The program sendmail has repeatedly been in the news because of vulnerabilities. Regarding the number of vulnerabilities, there have not been too many in the last months. So safe use of this software is possible, if it is configured correctly and the latest version is used. At the moment, the latest version is 8.14.7. A version lower than 8.13.17 should absolutely not be used because of vulnerabilities! Since version 8.10.x these vulnerabilities have been fixed:
  • Version 8.11.2 contains some corrections of minor bugs and, among others, some improvements for using LDAP.
  • Due to a change in the handling of signals when communicating with other MTAs, the possibility of race conditions is reduced.
  • A race condition has been fixed in version 8.11.4.
  • In version 8.11.5, problems with oversized parameters for debugging have been found.
  • Due to a local exploit, local users have access to the mail queue in version 8.12.0.
  • Version 8.12.3 fixes some bugs found in 8.12.0 to 8.12.2, e.g. with MIME. Compared with version 8.11.x, there is an improvement in performance and security.
  • Version 8.12.4 fixes a problem with file locking that was caused by improper permissions.
  • In version 8.12.5 a potential buffer overflow has been fixed. It occurred in a part of the program that is never executed when sendmail is configured in the typical way.
  • Version 8.12.6 solves a problem where sendmail acted as an open mail relay if FallbackMXhost and FEATURE(`relay_based_on_MX') were configured at the same time. Additionally, some minor bugs have been fixed.
  • Version 8.12.7 solves the problem with smrsh published in December 2002. Fixes for BIND are included, too.
  • Version 8.12.8 was published in March 2003 because all known versions had a buffer overflow when processing the headers, so attackers could gain administrative rights remotely.
  • At the end of March 2003 version 8.12.9 was published. The reason was a remotely exploitable buffer overflow in all earlier versions, which occurs when IP address data is converted to integers.
  • In the middle of September 2003 version 8.12.10 was published due to a buffer overflow in the function prescan() in all earlier versions. To gain unauthorized access to a system, an e-mail with a manipulated header is sufficient.
  • In the middle of March 2006 version 8.13.6 was published due to a race condition in asynchronous signal handling which can be used for a remote root exploit.
  • In the middle of June 2006 version 8.13.7 was published due to a possible crash caused by consumption of all memory in the stack segment during conversion from 8-bit MIME to 7-bit. This can be used for a denial of service.
The latest version and patches are available by anonymous FTP. Each new version lowers the number of known vulnerabilities and bugs.
Further information about sendmail is available on the web: www.sendmail.org. Some newsgroups are also discussing this topic, e.g. comp.mail.sendmail (to follow this link you need access to your news server).
For easy installation and configuration using a browser, a commercial version of sendmail is available.
By the way: to find out the version running on your system, you only need this command:

sendmail -d0 -bt < /dev/null | grep Version
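As an added example (not part of the AERAsec page), the following POSIX shell script takes the output of that command, extracts the version number and compares it numerically against the minimum the page states (8.13.17), so that an outdated installation is flagged instead of trusting a plain string comparison. The sample output, the helper function names and the integer-wise comparison are constructed assumptions for this example; the real command is only run when a sendmail binary is present.

```shell
#!/bin/sh
# Added example (not from the AERAsec page): parse the output of
#   sendmail -d0 -bt < /dev/null | grep Version
# and compare the version found against a required minimum.
# The version-comparison helper and the sample output below are
# assumptions constructed for this example.

# Minimum acceptable version; the page states that anything lower than
# 8.13.17 should not be used. Raise this as new releases appear.
MIN_VERSION="8.13.17"

# Constructed sample of what the command prints on a typical system.
SAMPLE_OUTPUT="Version 8.14.7
 Compiled with: DNSMAP LOG MATCHGECOS MILTER NETINET NETUNIX"

# Print only the dotted version number from the command output
# (first line starting with "Version "), or nothing if it is absent.
parse_sendmail_version() {
    printf '%s\n' "$1" | sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Compare two dotted version strings component by component as integers,
# so that 8.13.8 < 8.13.17 (a plain string compare would get this wrong).
# Returns 0 when $1 >= $2, 1 otherwise.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}                              # leading component
        if [ "$ai" = "$a" ]; then a=""; else a=${a#*.}; fi    # drop it from a
        if [ "$bi" = "$b" ]; then b=""; else b=${b#*.}; fi    # drop it from b
        ai=${ai:-0}; bi=${bi:-0}                              # missing part = 0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
    done
    return 0
}

# Classify command output: prints "ok" when the version meets MIN_VERSION,
# "outdated" when it is lower, "unknown" when no version line was found.
sendmail_version_status() {
    v=$(parse_sendmail_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$MIN_VERSION"; then
        echo "ok"
    else
        echo "outdated"
    fi
}

# Stand-alone use: check the local sendmail if present, else the sample.
if command -v sendmail >/dev/null 2>&1; then
    out=$(sendmail -d0 -bt < /dev/null 2>/dev/null | grep Version) || true
else
    out="$SAMPLE_OUTPUT"
fi
echo "sendmail $(parse_sendmail_version "$out"): $(sendmail_version_status "$out")"
```

The numeric comparison matters because the minor and patch components are not zero-padded: a string compare would rank 8.13.8 above 8.13.17. An "unknown" result (no "Version" line) usually means the binary is a different MTA's sendmail wrapper or the command failed, and should be investigated rather than treated as acceptable.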