Rule:--Sid:655--Summary:This event is generated when a buffer overflow is attempted on a Sendmail 8.6.9 server.--Impact:Attempted administrator access.  A successful buffer overflow attack can allow a remote attacker access to the Sendmail server at the privilege level of the user ID associated with Sendmail.--Detailed Information:A vulnerability exists in Sendmail version 8.6.9 that can be exploited by a buffer overflow attack.  This allows the attacker access to the Sendmail server at the privilege level of the user ID associated with Sendmail.  This attack can occur when a Sendmail server connects back to the ident service of the client requesting the Sendmail connection.  Because it is improperly validated by the Sendmail server, a malicious response can cause a buffer overflow. --Affected Systems:Sendmail version 8.6.9.--Attack Scenarios:An attacker can request a connection to a Sendmail server, listen for the request for the ident service, and respond with a malicious payload to exploit the vulnerability.--Ease of Attack:Easy.  Exploit code is available.--False Positives:None Known.--False Negatives:None Known.--Corrective Action:Apply the appropriate patch or upgrade to a Sendmail version greater than 8.6.9.--Contributors:Original rule written by Max Vision <vision@whitehats.com>Rule updated by Brian Caswell <bmc@sourcefire.com>Sourcefire Vulnerability Research TeamJudy Novak <judy.novak@sourcefire.com>--Additional References:CVE:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204--