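Vulnerability Details
Sendmail DNS Map TXT Record Remote Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200210-230
- Severity: High
- CVE ID: CVE-2002-0906
- Vulnerability type: Boundary condition error
- Published: 2002-06-28
- Threat type: Remote
- Updated: 2005-05-02
- Vendor: sendmail
- Source: Anton Rang, Joost P…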
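Vulnerability Summary
Sendmail is a free, open-source mail transfer agent that runs on many Unix and Linux operating systems.
The DNS-handling code in Sendmail does not adequately check data returned by a name server. A remote attacker can exploit this to cause a buffer overflow and possibly execute arbitrary instructions on the system with the privileges of the Sendmail process.
When Sendmail maps an address using the TXT query type, it does not adequately check the data returned by the name server. An attacker can forge a name server response that sends an overlong string to the mail server, causing a buffer overflow in sendmail; carefully constructed response data may allow arbitrary commands to be executed with the privileges of the sendmail process.
Because this code is not used by any default sendmail configuration, the severity of this vulnerability is low. If you use a custom DNS map definition to query DNS TXT records, such as:
Kdnstxt dns -R TXT
then you must upgrade to version 8.12.5.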
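The exposure condition above can be checked mechanically. The script below is an added example, not part of the advisory or of sendmail: it looks for `dns` class map declarations that request TXT records and compares a version supplied by the operator with the fixed release 8.12.5. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag sendmail.cf files that declare a
# "dns" class map querying TXT records, the only configuration the advisory
# says is exposed, and compare the running version with the fixed 8.12.5.

# Print the name of every map declared as: K<name> dns ... -R TXT
# Assumption: "-RTXT" (no space) and a lowercase type are matched too.
find_dns_txt_maps() {
    awk '/^K/ && $2 == "dns" {
        args = ""
        for (i = 3; i <= NF; i++) args = args " " $i
        if (args ~ / -R ?[Tt][Xx][Tt]( |$)/) print substr($1, 2)
    }' "$1"
}

# Succeed when the dotted version given is 8.12.5 or later.
is_fixed_version() {
    printf '%s\n' "$1" | awk -F. '{
        exit !($1 > 8 || ($1 == 8 && ($2 > 12 || ($2 == 12 && $3 + 0 >= 5))))
    }'
}

# audit <sendmail.cf> <version>: return 1 only when both conditions hold.
audit() {
    maps=$(find_dns_txt_maps "$1")
    if [ -z "$maps" ]; then
        echo "no dns map with -R TXT: vulnerable code path not configured"
    elif is_fixed_version "$2"; then
        echo "dns TXT map(s) present, version $2 is fixed"
    else
        echo "AFFECTED: version $2 with dns TXT map(s):" $maps
        return 1
    fi
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Kaccess hash /etc/mail/access
Kdnsmx dns -R MX
Kdnstxt dns -R TXT
EOF
audit "$sample" 8.12.4 || true
audit "$sample" 8.12.5
rm -f "$sample"
```

On a real host, pass the path of the active sendmail.cf and the installed version in place of the constructed sample.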
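Vulnerability Advisory
Vendor patch:
Sendmail Consortium
-------
The vendor has fixed this security issue in the new 8.12.5 release of the software. Download it from the vendor's site: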
Sendmail Consortium Sendmail 8.11:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.1:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.2:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.3:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.4:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.5:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.11.6:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.1:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.2:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.3:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
Sendmail Consortium Sendmail 8.12.4:
Sendmail Consortium Upgrade sendmail.8.12.5.tar.gz
References
Source: US-CERT Vulnerability Note: VU#814627
Name: VU#814627
Link: http://www.kb.cert.org/vuls/id/814627
Source: XF
Name: sendmail-dns-txt-bo(9443)
Link: http://www.iss.net/security_center/static/9443.php
Source: www.sendmail.org
Link: http://www.sendmail.org/8.12.5.html
Source: BID
Name: 5122
Link: http://www.securityfocus.com/bid/5122
Source: US Government Resource: oval:org.mitre.oval:def:2183
Name: oval:org.mitre.oval:def:2183
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2183