Sendmail contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the sm_syslog() function which allows an attacker to pass crafted data to the setjmp(3) and longjmp(3) function causing memory corruption. This can be used to remotely execute arbitrary code without authentication.

Upgrade to version 8.13.6 or higher, as it has been reported to fix this vulnerability. In addition, Sendmail has released a patch for some older versions.

• Security Tracker: 1015801
• Bugtraq ID: 17192
• Secunia Advisory ID: 19342 19345 19346 19349 19356 19360 19361 19363 19367 19368 19394 19404 19407 19450 19466 19532 19533 19676 19774 20243 20473 20723
• CVE ID: 2006-0058 (see also: NVD)
• Milw0rm: 2051
• Exploit Database: 2051
• SCIP VulDB ID: 2103
• ISS X-Force ID: 24584
• CERT VU: 834865
• Vendor Specific Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc http://itrc.hp.com/service/cki/docDisplay.do?docId=c00629555
  http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
  http://security.gentoo.org/glsa/glsa-200603-21.xml
  http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
  http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
  http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
  http://www-1.ibm.com/support/docview.wss?uid=isg1IY82992
  http://www.f-secure.com/security/fsc-2006-2.shtml
  http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
  http://www.novell.com/linux/security/advisories/2006_17_sendmail.html
  http://www.openbsd.org/errata.html#sendmail
  http://www.sendmail.com/company/advisory
  http://www.us.debian.org/security/2006/dsa-1015
  http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
• Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20060401-01.U.asc http://www.us-cert.gov/cas/techalerts/TA06-081A.html
  http://xforce.iss.net/xforce/alerts/id/216
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0414.html
  http://seclists.org/fulldisclosure/2006/Jul/472
  http://seclists.org/fulldisclosure/2006/Jul/480
• Generic Exploit URL: http://rapturesecurity.org/jack/exploiting_sendmail.html
  http://www.blacksecurity.org/download/61/BL4CK_FR1D4Y_2006-07-21
• News Article: http://www.computerweekly.com/Feeds/RS/Articles/2006/03/23/215002/Sendmailhitbydatainterceptionflaw.htm
  http://www.eweek.com/article2/0,1895,1941865,00.asp
• CIAC Advisory: q-151
• RedHat RHSA: RHSA-2006:0264

• Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs