Description
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.
Product(s):
- Red Hat Sendmail 8.12.5-7 on i386
- Red Hat Sendmail 8.12.5-7 on i386 CF
- Red Hat Sendmail 8.12.5-7 for i386 Dev
- Red Hat Sendmail 8.12.5-7 for i386 Doc
- Red Hat Sendmail 8.12.8-4 for i386
- Red Hat Sendmail 8.12.8-4 for i386 CF
- Red Hat Sendmail 8.12.8-4 for i386 Dev
- Red Hat Sendmail 8.12.8-4 for i386_doc
- Sendmail Sendmail 8.12.1
- Sendmail Sendmail 8.12.2
- Sendmail Sendmail 8.12.3
- Sendmail Sendmail 8.12.4
- Sendmail Sendmail 8.12.5
- Sendmail Sendmail 8.12.6
- Sendmail Sendmail 8.12.7
- Sendmail Sendmail 8.12.8
- Compaq Tru64 5.0a
- Compaq Tru64 5.1
- FreeBSD 4.6
- FreeBSD 4.6 Patch 11
- FreeBSD 4.6 Patch 12
- FreeBSD 4.6 Patch 16
- FreeBSD 4.6 Patch 19
- FreeBSD 4.6 Patch 20
- FreeBSD 4.6 Patch 23
- FreeBSD 4.6 Patch 24
- FreeBSD 4.6 Patch 25
- FreeBSD 4.6 Patch 7
- FreeBSD 4.7
- FreeBSD 4.7 Patch 13
- FreeBSD 4.7 Patch 16
- FreeBSD 4.7 Patch 17
- FreeBSD 4.7 Patch 19
- FreeBSD 4.7 Patch 20
- FreeBSD 4.7 Patch 21
- FreeBSD 4.7 Patch 22
- FreeBSD 4.7 Patch 23
- FreeBSD 4.7 Patch 24
- FreeBSD 4.7 Patch 25
- FreeBSD 4.7 Patch 26
- FreeBSD 4.7 Patch 27
- FreeBSD 4.7 Patch 28
- FreeBSD 4.7 Patch 4
- FreeBSD 4.7 Patch 5
- FreeBSD 4.7 Patch 6
- FreeBSD 4.7 Patch 8
- FreeBSD 4.7 Patch 9
- FreeBSD 4.8
- FreeBSD 4.8 Patch 10
- FreeBSD 4.8 Patch 11
- FreeBSD 4.8 Patch 12
- FreeBSD 4.8 Patch 13
- FreeBSD 4.8 Patch 14
- FreeBSD 4.8 Patch 15
- FreeBSD 4.8 Patch 16
- FreeBSD 4.8 Patch 17
- FreeBSD 4.8 Patch 18
- FreeBSD 4.8 Patch 19
- FreeBSD 4.8 Patch 1
- FreeBSD 4.8 Patch 20
- FreeBSD 4.8 Patch 21
- FreeBSD 4.8 Patch 22
- FreeBSD 4.8 Patch 23
- FreeBSD 4.8 Patch 24
- FreeBSD 4.8 Patch 25
- FreeBSD 4.8 Patch 26
- FreeBSD 4.8 Patch 27
- FreeBSD 4.8 Patch 28
- FreeBSD 4.8 Patch 29
- FreeBSD 4.8 Patch 2
- FreeBSD 4.8 Patch 3
- FreeBSD 4.8 Patch 6
- FreeBSD 4.8 Patch 7
- FreeBSD 4.8 Patch 9
- FreeBSD 5.0
- FreeBSD 5.0 Patch 11
- FreeBSD 5.0 Patch 13
- FreeBSD 5.0 Patch 14
- FreeBSD 5.0 Patch 16
- FreeBSD 5.0 Patch 17
- FreeBSD 5.0 Patch 18
- FreeBSD 5.0 Patch 19
- FreeBSD 5.0 Patch 1
- FreeBSD 5.0 Patch 20
- FreeBSD 5.0 Patch 21
- FreeBSD 5.0 Patch 22
- FreeBSD 5.0 Patch 2
- FreeBSD 5.0 Patch 3
- FreeBSD 5.0 Patch 4
- FreeBSD 5.0 Patch 5
- FreeBSD 5.0 Patch 6
- FreeBSD 5.0 Patch 7
- OpenBSD 3.2
- SGI IRIX 6.5.19
- SGI IRIX 6.5.20
- SGI IRIX 6.5.21
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0688, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0688 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.