5. Sendmail buffer overflow weaknesses, pipe attacks, and MIMEbo, that allow for root compromise.
Several Sendmail flaws have been found over the years; the most serious allow root compromise, while the lower-risk attacks result in an interruption of Sendmail services.
Versions Affected: Sendmail early versions up to and including 8.8.4
CVE Entry: CVE-1999-0047, CVE-1999-0130, CVE-1999-0131, CVE-1999-0203, CVE-1999-0204, CVE-1999-0206
Details: The first issue is a MIME conversion buffer overflow that allows attackers to force Sendmail to execute commands as root. The second issue also allows commands to be executed as root, by exploiting a flaw in the code that allows Sendmail to run in daemon mode. CVE-1999-0131 refers to two separate issues: the first is a resource starvation exploit and the second is a buffer overflow that allows root access. CVE-1999-0203 refers to an exploit where attackers can specify invalid MAIL FROM and RCPT TO fields, causing mail to bounce to specific programs with root authority. CVE-1999-0204 is an issue where an attacker can use IDENT to execute commands with root privileges. The final issue listed by SANS is a MIME buffer overflow that also gives root access.
Recommendations: Check all servers that require Sendmail and ensure that they are at the latest patch level or latest version level. Do not run Sendmail in daemon mode on machines that are not mail servers or relays.
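A triage sketch for the recommendation above, added here as an example and not part of the original advisory: it takes SMTP greeting banners collected from your own hosts, extracts the advertised Sendmail version, and flags anything at or below 8.8.4. The banners and host names are constructed samples, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: flag SMTP banners advertising Sendmail <= 8.8.4.
LAST_AFFECTED="8.8.4"   # threshold taken from "Versions Affected" above

# Print the Sendmail version advertised in a greeting line, or nothing.
banner_version() {
    printf '%s\n' "$1" | sed -n 's/.*Sendmail \([0-9][0-9.]*[0-9]\).*/\1/p'
}

# Succeed when dotted version $1 <= $2. Fields are compared numerically,
# so 8.12.11 sorts after 8.8.4 (a plain string comparison gets this wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# Classify one banner as "affected <ver>", "newer <ver>" or "unknown".
classify_banner() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_le "$v" "$LAST_AFFECTED"; then
        echo "affected $v"
    else
        echo "newer $v"
    fi
}

# Constructed sample banners (hosts under example.test are made up).
while IFS= read -r banner; do
    printf '%-16s %s\n' "$(classify_banner "$banner")" "$banner"
done <<'EOF'
220 mx1.example.test ESMTP Sendmail 8.8.4/8.8.4; Mon, 3 Feb 1997 10:00:00 -0500
220 mx2.example.test ESMTP Sendmail 8.12.11/8.12.11; Mon, 2 Feb 2004 10:00:01 -0500
220 ws7.example.test Sendmail SMI-8.6/SMI-SVR4 ready
220 mx3.example.test ESMTP Postfix
EOF
```

A greeting banner can be customised or can come from a vendor-patched build, so treat "affected" and "unknown" results as hosts to verify against the installed package. Any Sendmail banner from a machine that is not a mail server or relay points to a daemon that should be turned off.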
Additional Information:
http://www.cert.org/advisories/CA-97.05.sendmail.html
http://www.sans.org/topten.htm