Sendmail Syslog contents.gifindex.gif

Sendmail Syslog

Sendmail is a common mailer on UNIX systems. In most UNIX machines, a buffer overflow in shared libraries allows any process that logs a remote user-supplied string to the system log files to be exploited to gain remote root access. An intruder can gain access through sendmail by sending a string longer than the expected length, resulting in a system syslog command that overflows a buffer. By doing this, the intruder can execute arbitrary assembly code on the target machine as root.

This bug affects sendmail 8.6.12 and earlier, and may also affect other services that provide logging via the syslog calls. It is an extremely well known hole.

The scan engine checks the version of the sendmail application. This vulnerability affects most UNIX systems with sendmail versions prior to 8.7.1.

Risk: High

Fix: Ask your vendor for patches for the syslog buffer overflow bug and/or upgrade your version of sendmail to 8.7.1 or later

Advisory: CA-95:13.syslog.vul