Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Sendmail DoS Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sendmail DoS Vulnerability
For some of the Unix types out there, this may be old news by now.  However, we do have a couple of reports in the mailbag about the Sendmail Denial of Service issue. 

On August 9, 2006, released version 8.13.8 which addressed a few bugs that were discovered in 8.13.7, and fixed a few other bugs.  One particular bug fixes an issue where sendmail would crash due to referencing a variable that had be freed.  This flaw can be exploited by crafting a message which very long header lines. I did not see much media attention to this when it was released (in fact I personally missed the note that it had updated). However in the past 24 hours a number of organizations have now posted information about it.  Oh well, looks like I wasn't the only one that missed it at the time.

As this appears to just be a DoS issue, it is our recommendation that if you are using Sendmail based products, please upgrade to 8.13.8 available at, or contact your vendor for appropriate updates.  Also, make sure you are on the appropriate announcement list for any software vendors that you use.  Sometimes little security issues can get past even the best of us if we don't visit the local CVS repository, or website on a daily/weekly basis.

I am looking around for appropriate Snort Rules that might detect for this

For More Information: (August 25 sendmail patch)

Scott Fendley
ISC Handler On Duty

191 Posts
ISC Handler
Aug 29th 2006

Sign Up for Free or Log In to start participating in the conversation!