Info

Disclosure

Aug 25, 2006

Discovery

Unknown

Dates

Exploit

Aug 25, 2006

Solution

Unknown

Description

Sendmail contains a flaw that may allow a remote denial of service. The issue is triggered due to an error when processing very long header lines, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 8.13.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sendmail, Inc.

Sendmail

8.13.7

References

Security Tracker: 1016753
Bugtraq ID: 19714
CVE ID: 2006-4434 (see also: NVD)
Secunia Advisory ID: 21637 21641 21696 21700 21749 22369 32704
SCIP VulDB ID: 2497
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0001.html
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ25577
http://www.us.debian.org/security/2006/dsa-1164
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
http://www.openbsd.org/errata.html
Mail List Post: http://www.attrition.org/pipermail/vim/2006-August/000999.html
Vendor URL: http://www.sendmail.org/
Vendor Specific Solution URL: http://www.sendmail.org/releases/8.13.8.html

Credit

Moritz Jodeit - moritzjodeit.org - http://www.jodeit.org/

Direct URL: http://osvdb.org/28193