Vulnerabilities > CVE-2006-1173 - Resource Management Errors vulnerability in Sendmail

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
sendmail
CWE-399
nessus

Summary

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyAIX Local Security Checks
    NASL idAIX_U497412.NASL
    descriptionThe remote host is missing AIX PTF U497412, which is related to the security of the package bos.net.tcp.client.
    last seen2020-06-01
    modified2020-06-02
    plugin id65264
    published2013-03-13
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65264
    titleAIX 5.3 TL 5 / 5.3 TL 4 : bos.net.tcp.client (U497412)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were extracted
    # from AIX Security PTF U497412. The text itself is copyright (C)
    # International Business Machines Corp.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65264);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/16 14:12:47");
    
      script_cve_id("CVE-2006-0674", "CVE-2006-1173");
    
      script_name(english:"AIX 5.3 TL 5 / 5.3 TL 4 : bos.net.tcp.client (U497412)");
      script_summary(english:"Check for PTF U497412");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is missing AIX PTF U497412, which is related to the
    security of the package bos.net.tcp.client."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY81476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY85415"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate missing security-related fix."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    flag = 0;
    
    if ( aix_check_patch(ml:"530005", patch:"U497412", package:"bos.net.tcp.client.5.3.0.50") < 0 ) flag++;
    if ( aix_check_patch(ml:"530004", patch:"U497412", package:"bos.net.tcp.client.5.3.0.50") < 0 ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_122856.NASL
    descriptionSunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Oct/17/06
    last seen2018-09-01
    modified2018-08-13
    plugin id21260
    published2006-04-21
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=21260
    titleSolaris 10 (sparc) : 122856-03
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(21260);
     script_version("1.29");
    
     script_name(english: "Solaris 10 (sparc) : 122856-03");
     script_cve_id("CVE-2006-0058", "CVE-2006-1173");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 122856-03");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: sendmail patch.
    Date this patch was last updated by Sun : Oct/17/06');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/122856-03");
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/04/21");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/03/22");
     script_end_attributes();
    
     script_summary(english: "Check for patch 122856-03");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0515.NASL
    descriptionUpdated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21721
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21721
    titleRHEL 2.1 / 3 / 4 : sendmail (RHSA-2006:0515)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0515. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21721);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2006-1173");
      script_xref(name:"CERT", value:"146718");
      script_xref(name:"RHSA", value:"2006:0515");
    
      script_name(english:"RHEL 2.1 / 3 / 4 : sendmail (RHSA-2006:0515)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated sendmail packages are now available to fix a denial of service
    security issue.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    [Updated 27 June 2006] The sendmail-docs packages for Red Hat
    Enterprise Linux 3 have been updated to the correct version and
    release.
    
    Sendmail is a Mail Transport Agent (MTA) used to send mail between
    machines.
    
    A flaw in the handling of multi-part MIME messages was discovered in
    Sendmail. A remote attacker could create a carefully crafted message
    that could crash the sendmail process during delivery (CVE-2006-1173).
    By default on Red Hat Enterprise Linux, Sendmail is configured to only
    accept connections from the local host. Therefore, only users who have
    configured Sendmail to listen to remote hosts would be remotely
    vulnerable to this issue.
    
    Users of Sendmail are advised to upgrade to these erratum packages,
    which contain a backported patch from the Sendmail team to correct
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-1173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0515"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-cf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendmail-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0515";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-8.12.11-4.21AS.10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-cf-8.12.11-4.21AS.10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-devel-8.12.11-4.21AS.10")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"sendmail-doc-8.12.11-4.21AS.10")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"sendmail-8.12.11-4.RHEL3.6")) flag++;
      if (rpm_check(release:"RHEL3", reference:"sendmail-cf-8.12.11-4.RHEL3.6")) flag++;
      if (rpm_check(release:"RHEL3", reference:"sendmail-devel-8.12.11-4.RHEL3.6")) flag++;
      if (rpm_check(release:"RHEL3", reference:"sendmail-doc-8.12.11-4.RHEL3.6")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"sendmail-8.13.1-3.RHEL4.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"sendmail-cf-8.13.1-3.RHEL4.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"sendmail-devel-8.13.1-3.RHEL4.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"sendmail-doc-8.13.1-3.RHEL4.5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail / sendmail-cf / sendmail-devel / sendmail-doc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-836.NASL
    description - Tue Jul 18 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2.fc4.1 - using new syntax for access database (#177566) - fixed failure message while shutting down sm-client (#119429) resolution: stop sm-client before sendmail - fixed method to specify persistent queue runners (#126760) - removed patch backup files from sendmail-cf tree (#152955) - fixed missing dnl on SMART_HOST define (#166680) - fixed wrong location of aliases and aliases.db file in aliases man page (#166744) - enabled CipherList config option for sendmail (#172352) - added user chowns for /etc/mail/authinfo.db and move check for cf files (#184341) - fixed Makefile of vacation (#191396) vacation is not included in this sendmail package - /var/log/mail now belongs to sendmail (#192850) - using old pam_stack - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 8.13.7-2.1 - rebuild - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2 - dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679) - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-1 - new version 8.13.7 (#195282) - fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by malformed multipart messages (#195776) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24153
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24153
    titleFedora Core 4 : sendmail-8.13.7-2.fc4.1 (2006-836)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_122857.NASL
    descriptionSunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Oct/10/06
    last seen2018-09-01
    modified2018-08-13
    plugin id21263
    published2006-04-21
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=21263
    titleSolaris 10 (x86) : 122857-04
  • NASL familyAIX Local Security Checks
    NASL idAIX_U806039.NASL
    descriptionThe remote host is missing AIX PTF U806039, which is related to the security of the package bos.net.tcp.client.
    last seen2020-06-01
    modified2020-06-02
    plugin id28597
    published2007-12-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28597
    titleAIX 5.2 TL 8 : bos.net.tcp.client (U806039)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113575.NASL
    descriptionSunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08
    last seen2020-06-01
    modified2020-06-02
    plugin id13541
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13541
    titleSolaris 9 (sparc) : 113575-11
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHNE_34900.NASL
    descriptions700_800 11.00 sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id22174
    published2006-08-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22174
    titleHP-UX PHNE_34900 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2006_032.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2006:032 (sendmail). The Mail Transfer Agent sendmail has a remote exploitable problem, where a specially crafted MIME messages can crash sendmail and block queue processing. This issue is tracked by the Mitre CVE ID CVE-2006-1173 and CERT VU#146718.
    last seen2019-10-28
    modified2007-02-18
    plugin id24413
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24413
    titleSUSE-SA:2006:032: sendmail
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1155.NASL
    descriptionIt turned out that the sendmail binary depends on libsasl2 (>= 2.1.19.dfsg1) which is neither available in the stable nor in the security archive. This version is scheduled for the inclusion in the next update of the stable release, though. You
    last seen2020-06-01
    modified2020-06-02
    plugin id22697
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22697
    titleDebian DSA-1155-2 : sendmail - programming error
  • NASL familyAIX Local Security Checks
    NASL idAIX_U807468.NASL
    descriptionThe remote host is missing AIX PTF U807468, which is related to the security of the package bos.net.tcp.client.
    last seen2020-06-01
    modified2020-06-02
    plugin id28637
    published2007-12-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28637
    titleAIX 5.3 TL 4 / 5.3 TL 5 : bos.net.tcp.client (U807468)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2006-166-01.NASL
    descriptionNew sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue. Sendmail
    last seen2020-06-01
    modified2020-06-02
    plugin id21699
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21699
    titleSlackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : sendmail (SSA:2006-166-01)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200606-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200606-19 (Sendmail: Denial of Service) Frank Sheiness discovered that the mime8to7() function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact : By sending specially crafted multipart MIME messages, a remote attacker can cause a subprocess forked by Sendmail to crash. If Sendmail is not set to use a randomized queue processing, the attack will effectively halt the delivery of queued mails as well as the malformed one, incoming mail delivered interactively is not affected. Additionally, on systems where core dumps with an individual naming scheme (like
    last seen2020-06-01
    modified2020-06-02
    plugin id21712
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21712
    titleGLSA-200606-19 : Sendmail: Denial of Service
  • NASL familyAIX Local Security Checks
    NASL idAIX_U477911.NASL
    descriptionThe remote host is missing AIX PTF U477911, which is related to the security of the package bos.net.tcp.client.
    last seen2020-06-01
    modified2020-06-02
    plugin id65261
    published2013-03-13
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65261
    titleAIX 5.2 TL 9 / 5.2 TL 8 : bos.net.tcp.client (U477911)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHNE_34927.NASL
    descriptions700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). (HPSBUX02124 SSRT061159)
    last seen2020-06-01
    modified2020-06-02
    plugin id22175
    published2006-08-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22175
    titleHP-UX PHNE_34927 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0515.NASL
    descriptionUpdated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21903
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21903
    titleCentOS 3 / 4 : sendmail (CESA-2006:0515)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114137.NASL
    descriptionSunOS 5.9_x86: sendmail Patch. Date this patch was last updated by Sun : Mar/04/08
    last seen2020-06-01
    modified2020-06-02
    plugin id13592
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13592
    titleSolaris 9 (x86) : 114137-10
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-104.NASL
    descriptionA vulnerability in the way Sendmail handles multi-part MIME messages was discovered that could allow a remote attacker to create a carefully crafted message that could crash the sendmail process during delivery. The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21719
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21719
    titleMandrake Linux Security Advisory : sendmail (MDKSA-2006:104)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHNE_34689.NASL
    descriptions700_800 11.23 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id22173
    published2006-08-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22173
    titleHP-UX PHNE_34689 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHNE_34936.NASL
    descriptions700_800 11.11 sendmail(1M) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
    last seen2020-06-01
    modified2020-06-02
    plugin id22176
    published2006-08-08
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22176
    titleHP-UX PHNE_34936 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2006-837.NASL
    description - Tue Jul 18 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2.fc5.1 - using new syntax for access database (#177566) - fixed failure message while shutting down sm-client (#119429) resolution: stop sm-client before sendmail - fixed method to specify persistent queue runners (#126760) - removed patch backup files from sendmail-cf tree (#152955) - fixed missing dnl on SMART_HOST define (#166680) - fixed wrong location of aliases and aliases.db file in aliases man page (#166744) - enabled CipherList config option for sendmail (#172352) - added user chowns for /etc/mail/authinfo.db and move check for cf files (#184341) - fixed Makefile of vacation (#191396) vacation is not included in this sendmail package - /var/log/mail now belongs to sendmail (#192850) - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 8.13.7-2.1 - rebuild - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-2 - dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679) - Mon Jun 19 2006 Thomas Woerner <twoerner at redhat.com> 8.13.7-1 - new version 8.13.7 (#195282) - fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by malformed multipart messages (#195776) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24154
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24154
    titleFedora Core 5 : sendmail-8.13.7-2.fc5.1 (2006-837)

Oval

accepted2013-04-29T04:12:41.573-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionSendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
familyunix
idoval:org.mitre.oval:def:11253
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleSendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
version26

Redhat

advisories
bugzilla
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • commentsendmail is earlier than 0:8.13.1-3.RHEL4.5
          ovaloval:com.redhat.rhsa:tst:20060515001
        • commentsendmail is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060264002
      • AND
        • commentsendmail-devel is earlier than 0:8.13.1-3.RHEL4.5
          ovaloval:com.redhat.rhsa:tst:20060515003
        • commentsendmail-devel is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060264004
      • AND
        • commentsendmail-cf is earlier than 0:8.13.1-3.RHEL4.5
          ovaloval:com.redhat.rhsa:tst:20060515005
        • commentsendmail-cf is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060264008
      • AND
        • commentsendmail-doc is earlier than 0:8.13.1-3.RHEL4.5
          ovaloval:com.redhat.rhsa:tst:20060515007
        • commentsendmail-doc is signed with Red Hat master key
          ovaloval:com.redhat.rhsa:tst:20060264006
rhsa
idRHSA-2006:0515
released2006-06-14
severityImportant
titleRHSA-2006:0515: sendmail security update (Important)
rpms
  • sendmail-0:8.12.11-4.RHEL3.6
  • sendmail-0:8.13.1-3.RHEL4.5
  • sendmail-cf-0:8.12.11-4.RHEL3.6
  • sendmail-cf-0:8.13.1-3.RHEL4.5
  • sendmail-debuginfo-0:8.12.11-4.RHEL3.6
  • sendmail-debuginfo-0:8.13.1-3.RHEL4.5
  • sendmail-devel-0:8.12.11-4.RHEL3.6
  • sendmail-devel-0:8.13.1-3.RHEL4.5
  • sendmail-doc-0:8.12.11-4.RHEL3.6
  • sendmail-doc-0:8.13.1-3.RHEL4.5

References