sendmail -- Incorrect multipart message handling

ID C611BE81-FBC2-11DA-9156-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2006-06-14T00:00:00


Problem Description A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage. Impact An attacker able to send mail to, or via, a server can cause queued messages on the system to not be delivered, by causing the sendmail process which handles queued messages to crash. Note that this will not stop new messages from entering the queue (either from local processes, or incoming via SMTP). Workaround No workaround is available, but systems which do not receive email from untrusted sources are not vulnerable.