Info

Disclosure

Jun 07, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

sendmail contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially-crafted, deeply nested multipart MIME message which exhausts the stack while performing an 8-bit to 7-bit conversion, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 8.13.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sendmail, Inc.	Sendmail	8.13.6
		8.13.5
		8.13.4
		8.13.3
		8.13.2
		8.13.1
		8.13.0
		8.12.x

References

Security Tracker: 1016295
CERT VU: 146718
Secunia Advisory ID: 15779 20473 20641 20650 20651 20654 20673 20675 20679 20683 20690 20694 20726 20782 21042 21160 21327 21612 21647
Bugtraq ID: 18433
CVE ID: 2006-1173 (see also: NVD)
SCIP VulDB ID: 2321
VUPEN Advisory: ADV-2006-2351
Keyword: FGA-2006-18 HPSBTU02116,SSRT061135 HPSBUX02124,SSRT061159
Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
http://www.openbsd.org/errata.html#sendmail2
https://issues.rpath.com/browse/RPL-526
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0045.html
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00680632
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
http://www.f-secure.com/security/fsc-2006-5.shtml
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.us.debian.org/security/2006/dsa-1155
Vendor URL: http://www.sendmail.org/releases/8.13.7.html
RedHat RHSA: RHSA-2006:0515

Credit

Frank Sheiness -

Direct URL: http://osvdb.org/26197

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sendmail, Inc.

Sendmail

References

Credit