5739.txt

This is the snapshot of Snot Latest Rules

Rule: 

--
Sid: 
5739

-- 
Summary: 
This event is generated when a server response indicating that a message has been received with overly long mail headers, has been detected.

-- 
Impact: 
Possible code execution.

--
Detailed Information:
A race condition exists in versions of Sendmail, this vulnerability may allow a remote attacker to execute code of their choosing on an affected server.

A programming error in the way that sendmail handles asynchronous signals may allow an attacker to overflow a fixed length buffer by supplying a large amount of data in an email header. This event indicates that a mail server has returned a messages indicating that it recieved a message with a long mail header.

--
Affected Systems:
Sendmail prior to version 8.1.3

--
Attack Scenarios: 
An attacker could send extra data in an email header to overflow a fixed length buffer and execute code of their choosing.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
None known.

--
False Negatives:
None known.

-- 
Corrective Action: 
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Vulnerability Research Team

-- 
Additional References:

--