10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.172 Low
EPSS
Percentile
96.1%
Sendmail is a widely used Mail Transport Agent (MTA) which is included
in all Red Hat Enterprise Linux distributions.
There is a vulnerability in Sendmail versions 8.12.8 and prior. The
address parser performs insufficient bounds checking in certain conditions
due to a char to int conversion, making it possible for an attacker to
take control of the application. Although no exploit currently exists,
this issue is probably locally exploitable and may be remotely exploitable.
All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.
Red Hat would like to thank Michal Zalewski for finding and reporting this
issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | sendmail-cf | < 8.11.6-26.72 | sendmail-cf-8.11.6-26.72.i386.rpm |
RedHat | any | ia64 | sendmail | < 8.11.6-26.72 | sendmail-8.11.6-26.72.ia64.rpm |
RedHat | any | ia64 | sendmail-devel | < 8.11.6-26.72 | sendmail-devel-8.11.6-26.72.ia64.rpm |
RedHat | any | i386 | sendmail | < 8.11.6-26.72 | sendmail-8.11.6-26.72.i386.rpm |
RedHat | any | ia64 | sendmail-cf | < 8.11.6-26.72 | sendmail-cf-8.11.6-26.72.ia64.rpm |
RedHat | any | ia64 | sendmail-doc | < 8.11.6-26.72 | sendmail-doc-8.11.6-26.72.ia64.rpm |
RedHat | any | i386 | sendmail-devel | < 8.11.6-26.72 | sendmail-devel-8.11.6-26.72.i386.rpm |
RedHat | any | i386 | sendmail-doc | < 8.11.6-26.72 | sendmail-doc-8.11.6-26.72.i386.rpm |