For some of the Unix types out there, this may be old news by now.  However, we do have a couple of reports in the mailbag about the Sendmail Denial of Service issue. 

On August 9, 2006, Sendmail.org released version 8.13.8 which addressed a few bugs that were discovered in 8.13.7, and fixed a few other bugs.  One particular bug fixes an issue where sendmail would crash due to referencing a variable that had be freed.  This flaw can be exploited by crafting a message which very long header lines. I did not see much media attention to this when it was released (in fact I personally missed the note that it had updated). However in the past 24 hours a number of organizations have now posted information about it.  ( Oh well, looks like I wasn't the only one that missed it at the time.  And I don't think I can necessarily blame it on the students returning to my campus. ;-)  )

As this appears to just be a DoS issue, it is our recommendation that if you are using Sendmail based products, please upgrade to 8.13.8 available at Sendmail.org, or contact your vendor for appropriate updates.  Also, make sure you are on the appropriate announcement list for any software vendors that you use.  Sometimes little security issues can get past even the best of us if we don't visit the local CVS repository, or website on a daily/weekly basis.

I am looking around for appropriate Snort Rules that might detect for this


For More Information:
http://secunia.com/advisories/21637/
http://www.openbsd.org/errata.html (August 25 sendmail patch)
http://www.osvdb.org/displayvuln.php?osvdb_id=28193
http://www.frsirt.com/english/advisories/2006/3393



---
Scott Fendley
ISC Handler On Duty