Vulnerabilities > CVE-2006-1173 - Resource Management Errors vulnerability in Sendmail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family AIX Local Security Checks NASL id AIX_U497412.NASL description The remote host is missing AIX PTF U497412, which is related to the security of the package bos.net.tcp.client. last seen 2020-06-01 modified 2020-06-02 plugin id 65264 published 2013-03-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65264 title AIX 5.3 TL 5 / 5.3 TL 4 : bos.net.tcp.client (U497412) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were extracted # from AIX Security PTF U497412. The text itself is copyright (C) # International Business Machines Corp. # include("compat.inc"); if (description) { script_id(65264); script_version("1.2"); script_cvs_date("Date: 2019/09/16 14:12:47"); script_cve_id("CVE-2006-0674", "CVE-2006-1173"); script_name(english:"AIX 5.3 TL 5 / 5.3 TL 4 : bos.net.tcp.client (U497412)"); script_summary(english:"Check for PTF U497412"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote host is missing AIX PTF U497412, which is related to the security of the package bos.net.tcp.client." ); script_set_attribute( attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY81476" ); script_set_attribute( attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY85415" ); script_set_attribute( attribute:"solution", value:"Install the appropriate missing security-related fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2006/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( aix_check_patch(ml:"530005", patch:"U497412", package:"bos.net.tcp.client.5.3.0.50") < 0 ) flag++; if ( aix_check_patch(ml:"530004", patch:"U497412", package:"bos.net.tcp.client.5.3.0.50") < 0 ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_122856.NASL description SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Oct/17/06 last seen 2018-09-01 modified 2018-08-13 plugin id 21260 published 2006-04-21 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=21260 title Solaris 10 (sparc) : 122856-03 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(21260); script_version("1.29"); script_name(english: "Solaris 10 (sparc) : 122856-03"); script_cve_id("CVE-2006-0058", "CVE-2006-1173"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 122856-03"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Oct/17/06'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/122856-03"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_publication_date", value: "2006/04/21"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/03/22"); script_end_attributes(); script_summary(english: "Check for patch 122856-03"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0515.NASL description Updated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21721 published 2006-06-16 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21721 title RHEL 2.1 / 3 / 4 : sendmail (RHSA-2006:0515) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0515. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(21721); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2006-1173"); script_xref(name:"CERT", value:"146718"); script_xref(name:"RHSA", value:"2006:0515"); script_name(english:"RHEL 2.1 / 3 / 4 : sendmail (RHSA-2006:0515)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1173" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0515" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-cf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/07"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2006:0515"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-8.12.11-4.21AS.10")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-cf-8.12.11-4.21AS.10")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-devel-8.12.11-4.21AS.10")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-doc-8.12.11-4.21AS.10")) flag++; if (rpm_check(release:"RHEL3", reference:"sendmail-8.12.11-4.RHEL3.6")) flag++; if (rpm_check(release:"RHEL3", reference:"sendmail-cf-8.12.11-4.RHEL3.6")) flag++; if (rpm_check(release:"RHEL3", reference:"sendmail-devel-8.12.11-4.RHEL3.6")) flag++; if (rpm_check(release:"RHEL3", reference:"sendmail-doc-8.12.11-4.RHEL3.6")) flag++; if (rpm_check(release:"RHEL4", reference:"sendmail-8.13.1-3.RHEL4.5")) flag++; if (rpm_check(release:"RHEL4", reference:"sendmail-cf-8.13.1-3.RHEL4.5")) flag++; if (rpm_check(release:"RHEL4", reference:"sendmail-devel-8.13.1-3.RHEL4.5")) flag++; if (rpm_check(release:"RHEL4", reference:"sendmail-doc-8.13.1-3.RHEL4.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail / sendmail-cf / sendmail-devel / sendmail-doc"); } }NASL family Fedora Local Security Checks NASL id FEDORA_2006-836.NASL description - Tue Jul 18 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2.fc4.1 - using new syntax for access database (#177566) - fixed failure message while shutting down sm-client (#119429) resolution: stop sm-client before sendmail - fixed method to specify persistent queue runners (#126760) - removed patch backup files from sendmail-cf tree (#152955) - fixed missing dnl on SMART_HOST define (#166680) - fixed wrong location of aliases and aliases.db file in aliases man page (#166744) - enabled CipherList config option for sendmail (#172352) - added user chowns for /etc/mail/authinfo.db and move check for cf files (#184341) - fixed Makefile of vacation (#191396) vacation is not included in this sendmail package - /var/log/mail now belongs to sendmail (#192850) - using old pam_stack - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 8.13.7-2.1 - rebuild - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2 - dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679) - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-1 - new version 8.13.7 (#195282) - fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by malformed multipart messages (#195776) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24153 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24153 title Fedora Core 4 : sendmail-8.13.7-2.fc4.1 (2006-836) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_122857.NASL description SunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Oct/10/06 last seen 2018-09-01 modified 2018-08-13 plugin id 21263 published 2006-04-21 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=21263 title Solaris 10 (x86) : 122857-04 NASL family AIX Local Security Checks NASL id AIX_U806039.NASL description The remote host is missing AIX PTF U806039, which is related to the security of the package bos.net.tcp.client. last seen 2020-06-01 modified 2020-06-02 plugin id 28597 published 2007-12-03 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28597 title AIX 5.2 TL 8 : bos.net.tcp.client (U806039) NASL family Solaris Local Security Checks NASL id SOLARIS9_113575.NASL description SunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13541 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13541 title Solaris 9 (sparc) : 113575-11 NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_34900.NASL description s700_800 11.00 sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22174 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22174 title HP-UX PHNE_34900 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2) NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_032.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:032 (sendmail). The Mail Transfer Agent sendmail has a remote exploitable problem, where a specially crafted MIME messages can crash sendmail and block queue processing. This issue is tracked by the Mitre CVE ID CVE-2006-1173 and CERT VU#146718. last seen 2019-10-28 modified 2007-02-18 plugin id 24413 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24413 title SUSE-SA:2006:032: sendmail NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1155.NASL description It turned out that the sendmail binary depends on libsasl2 (>= 2.1.19.dfsg1) which is neither available in the stable nor in the security archive. This version is scheduled for the inclusion in the next update of the stable release, though. You last seen 2020-06-01 modified 2020-06-02 plugin id 22697 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22697 title Debian DSA-1155-2 : sendmail - programming error NASL family AIX Local Security Checks NASL id AIX_U807468.NASL description The remote host is missing AIX PTF U807468, which is related to the security of the package bos.net.tcp.client. last seen 2020-06-01 modified 2020-06-02 plugin id 28637 published 2007-12-03 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28637 title AIX 5.3 TL 4 / 5.3 TL 5 : bos.net.tcp.client (U807468) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-166-01.NASL description New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue. Sendmail last seen 2020-06-01 modified 2020-06-02 plugin id 21699 published 2006-06-16 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21699 title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : sendmail (SSA:2006-166-01) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200606-19.NASL description The remote host is affected by the vulnerability described in GLSA-200606-19 (Sendmail: Denial of Service) Frank Sheiness discovered that the mime8to7() function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact : By sending specially crafted multipart MIME messages, a remote attacker can cause a subprocess forked by Sendmail to crash. If Sendmail is not set to use a randomized queue processing, the attack will effectively halt the delivery of queued mails as well as the malformed one, incoming mail delivered interactively is not affected. Additionally, on systems where core dumps with an individual naming scheme (like last seen 2020-06-01 modified 2020-06-02 plugin id 21712 published 2006-06-16 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21712 title GLSA-200606-19 : Sendmail: Denial of Service NASL family AIX Local Security Checks NASL id AIX_U477911.NASL description The remote host is missing AIX PTF U477911, which is related to the security of the package bos.net.tcp.client. last seen 2020-06-01 modified 2020-06-02 plugin id 65261 published 2013-03-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65261 title AIX 5.2 TL 9 / 5.2 TL 8 : bos.net.tcp.client (U477911) NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_34927.NASL description s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). (HPSBUX02124 SSRT061159) last seen 2020-06-01 modified 2020-06-02 plugin id 22175 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22175 title HP-UX PHNE_34927 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0515.NASL description Updated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21903 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21903 title CentOS 3 / 4 : sendmail (CESA-2006:0515) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114137.NASL description SunOS 5.9_x86: sendmail Patch. Date this patch was last updated by Sun : Mar/04/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13592 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13592 title Solaris 9 (x86) : 114137-10 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-104.NASL description A vulnerability in the way Sendmail handles multi-part MIME messages was discovered that could allow a remote attacker to create a carefully crafted message that could crash the sendmail process during delivery. The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21719 published 2006-06-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21719 title Mandrake Linux Security Advisory : sendmail (MDKSA-2006:104) NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_34689.NASL description s700_800 11.23 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22173 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22173 title HP-UX PHNE_34689 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2) NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_34936.NASL description s700_800 11.11 sendmail(1M) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 22176 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22176 title HP-UX PHNE_34936 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2) NASL family Fedora Local Security Checks NASL id FEDORA_2006-837.NASL description - Tue Jul 18 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2.fc5.1 - using new syntax for access database (#177566) - fixed failure message while shutting down sm-client (#119429) resolution: stop sm-client before sendmail - fixed method to specify persistent queue runners (#126760) - removed patch backup files from sendmail-cf tree (#152955) - fixed missing dnl on SMART_HOST define (#166680) - fixed wrong location of aliases and aliases.db file in aliases man page (#166744) - enabled CipherList config option for sendmail (#172352) - added user chowns for /etc/mail/authinfo.db and move check for cf files (#184341) - fixed Makefile of vacation (#191396) vacation is not included in this sendmail package - /var/log/mail now belongs to sendmail (#192850) - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 8.13.7-2.1 - rebuild - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2 - dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679) - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-1 - new version 8.13.7 (#195282) - fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by malformed multipart messages (#195776) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24154 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24154 title Fedora Core 5 : sendmail-8.13.7-2.fc5.1 (2006-837)
Oval
| accepted | 2013-04-29T04:12:41.573-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:11253 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
- ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
- ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
- http://secunia.com/advisories/15779
- http://secunia.com/advisories/20473
- http://secunia.com/advisories/20641
- http://secunia.com/advisories/20650
- http://secunia.com/advisories/20651
- http://secunia.com/advisories/20654
- http://secunia.com/advisories/20673
- http://secunia.com/advisories/20675
- http://secunia.com/advisories/20679
- http://secunia.com/advisories/20683
- http://secunia.com/advisories/20684
- http://secunia.com/advisories/20694
- http://secunia.com/advisories/20726
- http://secunia.com/advisories/20782
- http://secunia.com/advisories/21042
- http://secunia.com/advisories/21160
- http://secunia.com/advisories/21327
- http://secunia.com/advisories/21612
- http://secunia.com/advisories/21647
- http://securitytracker.com/id?1016295
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
- http://www.debian.org/security/2006/dsa-1155
- http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
- http://www.f-secure.com/security/fsc-2006-5.shtml
- http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
- http://www.kb.cert.org/vuls/id/146718
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
- http://www.openbsd.org/errata38.html#sendmail2
- http://www.osvdb.org/26197
- http://www.redhat.com/support/errata/RHSA-2006-0515.html
- http://www.securityfocus.com/archive/1/437928/100/0/threaded
- http://www.securityfocus.com/archive/1/438241/100/0/threaded
- http://www.securityfocus.com/archive/1/438330/100/0/threaded
- http://www.securityfocus.com/archive/1/440744/100/0/threaded
- http://www.securityfocus.com/archive/1/442939/100/0/threaded
- http://www.securityfocus.com/bid/18433
- http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
- http://www.vupen.com/english/advisories/2006/2189
- http://www.vupen.com/english/advisories/2006/2351
- http://www.vupen.com/english/advisories/2006/2388
- http://www.vupen.com/english/advisories/2006/2389
- http://www.vupen.com/english/advisories/2006/2390
- http://www.vupen.com/english/advisories/2006/2798
- http://www.vupen.com/english/advisories/2006/3135
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
- https://issues.rpath.com/browse/RPL-526
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253