Vigil@nce: Sendmail, buffer overflow via X-Testing
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
On old Sendmail versions, an attacker can use a long X-Testing
header to cause a denial of service and possibly to execute
code.
Severity: 2/4
Consequences: user access/rights, data deletion, denial of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 07/05/2009
IMPACTED PRODUCTS
– Sendmail
DESCRIPTION OF THE VULNERABILITY
A vulnerability announced in 2009 affects Sendmail versions
available in 2004.
An email is composed of headers and a body. Headers can contain
extensions starting with "X-".
When the first header is a long extension, Sendmail tries to split
it across several lines. However, two cases can occur:
– a computation error generates a buffer overflow
– the end of the header can be inserted in the message body
This vulnerability can therefore lead:
– to a denial of service or to code execution
– to a malformed email which can bypass an antivirus.
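Added example, not Sendmail's code and not taken from the advisory: a bounds-checked C routine for splitting a long header across lines, which computes the folded size before writing anything and refuses when the output buffer is too small. The function names, the fixed-column split and the sample header value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Sendmail code. Assumption: hard split at a fixed
 * column; real MTAs prefer to fold at whitespace. */

/* Bytes needed for the folded form of a len-byte header (NUL excluded).
 * Requires width >= 2. */
static size_t folded_len(size_t len, size_t width)
{
    if (len <= width)
        return len;
    size_t per = width - 1;  /* continuation line: 1 space + per payload bytes */
    size_t folds = (len - width + per - 1) / per;
    return len + folds * 3;  /* each fold inserts CR, LF, SP */
}

/* Folds hdr into out; returns bytes written, or -1 if it would not fit. */
long fold_header(const char *hdr, char *out, size_t outsz, size_t width)
{
    size_t len = strlen(hdr);
    if (width < 2 || len > SIZE_MAX / 4)      /* keep folded_len() from wrapping */
        return -1;
    if (folded_len(len, width) >= outsz)      /* the NUL terminator must fit too */
        return -1;
    size_t o = 0, col = 0;
    for (size_t i = 0; i < len; i++) {
        if (col == width) {                   /* line full: start a continuation */
            memcpy(out + o, "\r\n ", 3);
            o += 3;
            col = 1;                          /* the leading space uses column 1 */
        }
        out[o++] = hdr[i];
        col++;
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    char out[64];
    /* Constructed sample header, folded at 8 columns. */
    long n = fold_header("X-Testing: 0123456789", out, sizeof out, 8);
    printf("%ld bytes:\n%s\n", n, out);
    return n == 27 ? 0 : 1;
}
```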
CHARACTERISTICS
Identifiers: CVE-2009-1490, VIGILANCE-VUL-8698
http://vigilance.fr/vulnerability/Sendmail-buffer-overflow-via-X-Testing-8698