Vulnerabilities > CVE-2006-4434 - Use After Free vulnerability in Sendmail

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
sendmail
CWE-416
nessus

Summary

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SENDMAIL-2027.NASL
    descriptionWithout this update sendmail may crash when finishing a mail due to referencing an already freed variable (CVE-2006-4434).
    last seen2020-06-01
    modified2020-06-02
    plugin id27446
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27446
    titleopenSUSE 10 Security Update : sendmail (sendmail-2027)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update sendmail-2027.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27446);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2006-4434");
    
      script_name(english:"openSUSE 10 Security Update : sendmail (sendmail-2027)");
      script_summary(english:"Check for the sendmail-2027 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Without this update sendmail may crash when finishing a mail due to
    referencing an already freed variable (CVE-2006-4434)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sendmail package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sendmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"sendmail-8.13.6-9.9") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_125011.NASL
    descriptionSunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Jan/29/07
    last seen2018-09-02
    modified2018-08-13
    plugin id24380
    published2007-02-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24380
    titleSolaris 10 (sparc) : 125011-01
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/10/24.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(24380);
     script_version("1.23");
    
     script_name(english: "Solaris 10 (sparc) : 125011-01");
     script_cve_id("CVE-2006-4434");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 125011-01");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: sendmail patch.
    Date this patch was last updated by Sun : Jan/29/07');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "http://download.oracle.com/sunalerts/1000292.1.html");
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/08/25");
     script_end_attributes();
    
     script_summary(english: "Check for patch 125011-01");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113575.NASL
    descriptionSunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08
    last seen2020-06-01
    modified2020-06-02
    plugin id13541
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13541
    titleSolaris 9 (sparc) : 113575-11
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13541);
      script_version("1.39");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2006-0058", "CVE-2006-1173", "CVE-2006-4434");
    
      script_name(english:"Solaris 9 (sparc) : 113575-11");
      script_summary(english:"Check for patch 113575-11");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 113575-11"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9: sendmail patch.
    Date this patch was last updated by Sun : Feb/05/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/113575-11"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113575-11", obsoleted_by:"", package:"SUNWsndmr", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113575-11", obsoleted_by:"", package:"SUNWsndmu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1164.NASL
    descriptionA programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message. Please note that in order to install this update you also need libsasl2 library from proposed updates as outlined in DSA 1155-2.
    last seen2020-06-01
    modified2020-06-02
    plugin id22706
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22706
    titleDebian DSA-1164-1 : sendmail - programming error
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1164. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22706);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2006-4434");
      script_bugtraq_id(19714);
      script_xref(name:"DSA", value:"1164");
    
      script_name(english:"Debian DSA-1164-1 : sendmail - programming error");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A programming error has been discovered in sendmail, an alternative
    mail transport agent for Debian, that could allow a remote attacker to
    crash the sendmail process by sending a specially crafted email
    message.
    
    Please note that in order to install this update you also need
    libsasl2 library from proposed updates as outlined in DSA 1155-2."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385054"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1164"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the sendmail package.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 8.13.3-3sarge3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libmilter-dev", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"libmilter0", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"rmail", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"sendmail", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"sendmail-base", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"sendmail-bin", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"sendmail-cf", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"sendmail-doc", reference:"8.13.4-3sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"sensible-mda", reference:"8.13.4-3sarge3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-156.NASL
    descriptionMoritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id23900
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/23900
    titleMandrake Linux Security Advisory : sendmail (MDKSA-2006:156)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2006:156. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(23900);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      script_cve_id("CVE-2006-4434");
      script_bugtraq_id(19714);
      script_xref(name:"MDKSA", value:"2006:156");
    
      script_name(english:"Mandrake Linux Security Advisory : sendmail (MDKSA-2006:156)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Moritz Jodeit discovered a vulnerability in sendmail when processing
    very long header lines that could be exploited to cause a Denial of
    Service by crashing sendmail.
    
    The updated packages have been patched to correct this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-cf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2006.0", reference:"sendmail-8.13.4-6.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"sendmail-cf-8.13.4-6.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"sendmail-devel-8.13.4-6.3.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"sendmail-doc-8.13.4-6.3.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SENDMAIL-2030.NASL
    descriptionWithout this update sendmail may crash when finishing a mail due to referencing an already freed variable. (CVE-2006-4434)
    last seen2020-06-01
    modified2020-06-02
    plugin id29579
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29579
    titleSuSE 10 Security Update : sendmail (ZYPP Patch Number 2030)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29579);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:29");
    
      script_cve_id("CVE-2006-4434");
    
      script_name(english:"SuSE 10 Security Update : sendmail (ZYPP Patch Number 2030)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Without this update sendmail may crash when finishing a mail due to
    referencing an already freed variable. (CVE-2006-4434)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-4434.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2030.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"sendmail-8.13.6-9.9")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"sendmail-8.13.6-9.9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySMTP problems
    NASL idSENDMAIL_8_13_8.NASL
    descriptionThe remote mail server is running a version of Sendmail earlier than 8.13.8. Such versions are reportedly affected by a use-after-free flaw that may allow an attacker to crash the server.
    last seen2020-06-01
    modified2020-06-02
    plugin id17724
    published2011-11-18
    reporterThis script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17724
    titleSendmail < 8.13.8 Header Processing Overflow DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17724);
      script_version("1.8");
      script_cvs_date("Date: 2018/09/17 21:46:53");
    
      script_cve_id("CVE-2006-4434");
      script_bugtraq_id(19714);
    
      script_name(english:"Sendmail < 8.13.8 Header Processing Overflow DoS");
      script_summary(english:"Checks the version of Sendmail.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote mail server is susceptible to a denial of service
    attack.");
      script_set_attribute(attribute:"description", value:
    "The remote mail server is running a version of Sendmail earlier than
    8.13.8. Such versions are reportedly affected by a use-after-free flaw
    that may allow an attacker to crash the server.");
      script_set_attribute(attribute:"see_also", value:"http://www.sendmail.org/releases/8.13.8.php");
      script_set_attribute(attribute:"solution", value:"Upgrade to Sendmail 8.13.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-4434");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/08/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SMTP problems");
    
      script_dependencies("sendmail_detect.nbin");
      script_require_keys("installed_sw/Sendmail");
      exit(0);
    }
    
    include("vcf.inc");
    
    app_info = vcf::get_app_info(app:"Sendmail");
    
    constraints = [{ "fixed_version" : "8.13.8" }];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_125012.NASL
    descriptionSunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Jan/29/07
    last seen2018-09-01
    modified2018-08-13
    plugin id24392
    published2007-02-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=24392
    titleSolaris 10 (x86) : 125012-01
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11200.NASL
    descriptionWithout this update sendmail may crash when finishing a mail due to referencing an already freed variable. (CVE-2006-4434)
    last seen2020-06-01
    modified2020-06-02
    plugin id41098
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41098
    titleSuSE9 Security Update : sendmail (YOU Patch Number 11200)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_125012-01.NASL
    descriptionSunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Jan/29/07
    last seen2020-06-01
    modified2020-06-02
    plugin id107916
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107916
    titleSolaris 10 (x86) : 125012-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114137.NASL
    descriptionSunOS 5.9_x86: sendmail Patch. Date this patch was last updated by Sun : Mar/04/08
    last seen2020-06-01
    modified2020-06-02
    plugin id13592
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13592
    titleSolaris 9 (x86) : 114137-10
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_125011-01.NASL
    descriptionSunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Jan/29/07
    last seen2020-06-01
    modified2020-06-02
    plugin id107413
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107413
    titleSolaris 10 (sparc) : 125011-01

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementThis flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue.

References