Vulnerabilities > CVE-2006-4434 - Use After Free vulnerability in Sendmail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SENDMAIL-2027.NASL description Without this update sendmail may crash when finishing a mail due to referencing an already freed variable (CVE-2006-4434). last seen 2020-06-01 modified 2020-06-02 plugin id 27446 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27446 title openSUSE 10 Security Update : sendmail (sendmail-2027) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update sendmail-2027. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27446); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2006-4434"); script_name(english:"openSUSE 10 Security Update : sendmail (sendmail-2027)"); script_summary(english:"Check for the sendmail-2027 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Without this update sendmail may crash when finishing a mail due to referencing an already freed variable (CVE-2006-4434)." ); script_set_attribute( attribute:"solution", value:"Update the affected sendmail package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sendmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"sendmail-8.13.6-9.9") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sendmail"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_125011.NASL description SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Jan/29/07 last seen 2018-09-02 modified 2018-08-13 plugin id 24380 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24380 title Solaris 10 (sparc) : 125011-01 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/10/24. # # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(24380); script_version("1.23"); script_name(english: "Solaris 10 (sparc) : 125011-01"); script_cve_id("CVE-2006-4434"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 125011-01"); script_set_attribute(attribute: "description", value: 'SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Jan/29/07'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000292.1.html"); script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/08/25"); script_end_attributes(); script_summary(english: "Check for patch 125011-01"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");NASL family Solaris Local Security Checks NASL id SOLARIS9_113575.NASL description SunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13541 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13541 title Solaris 9 (sparc) : 113575-11 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13541); script_version("1.39"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2006-0058", "CVE-2006-1173", "CVE-2006-4434"); script_name(english:"Solaris 9 (sparc) : 113575-11"); script_summary(english:"Check for patch 113575-11"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 113575-11" ); script_set_attribute( attribute:"description", value: "SunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/113575-11" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113575-11", obsoleted_by:"", package:"SUNWsndmr", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"113575-11", obsoleted_by:"", package:"SUNWsndmu", version:"11.9.0,REV=2002.04.06.15.27") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1164.NASL description A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message. Please note that in order to install this update you also need libsasl2 library from proposed updates as outlined in DSA 1155-2. last seen 2020-06-01 modified 2020-06-02 plugin id 22706 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22706 title Debian DSA-1164-1 : sendmail - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1164. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22706); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-4434"); script_bugtraq_id(19714); script_xref(name:"DSA", value:"1164"); script_name(english:"Debian DSA-1164-1 : sendmail - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message. Please note that in order to install this update you also need libsasl2 library from proposed updates as outlined in DSA 1155-2." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385054" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1164" ); script_set_attribute( attribute:"solution", value: "Upgrade the sendmail package. For the stable distribution (sarge) this problem has been fixed in version 8.13.3-3sarge3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sendmail"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"libmilter-dev", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"libmilter0", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"rmail", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"sendmail", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"sendmail-base", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"sendmail-bin", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"sendmail-cf", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"sendmail-doc", reference:"8.13.4-3sarge3")) flag++; if (deb_check(release:"3.1", prefix:"sensible-mda", reference:"8.13.4-3sarge3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-156.NASL description Moritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 23900 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23900 title Mandrake Linux Security Advisory : sendmail (MDKSA-2006:156) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:156. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(23900); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-4434"); script_bugtraq_id(19714); script_xref(name:"MDKSA", value:"2006:156"); script_name(english:"Mandrake Linux Security Advisory : sendmail (MDKSA-2006:156)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Moritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail. The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-cf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sendmail-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", reference:"sendmail-8.13.4-6.3.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"sendmail-cf-8.13.4-6.3.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"sendmail-devel-8.13.4-6.3.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"sendmail-doc-8.13.4-6.3.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SENDMAIL-2030.NASL description Without this update sendmail may crash when finishing a mail due to referencing an already freed variable. (CVE-2006-4434) last seen 2020-06-01 modified 2020-06-02 plugin id 29579 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29579 title SuSE 10 Security Update : sendmail (ZYPP Patch Number 2030) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29579); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2006-4434"); script_name(english:"SuSE 10 Security Update : sendmail (ZYPP Patch Number 2030)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Without this update sendmail may crash when finishing a mail due to referencing an already freed variable. (CVE-2006-4434)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-4434.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2030."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"sendmail-8.13.6-9.9")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"sendmail-8.13.6-9.9")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family SMTP problems NASL id SENDMAIL_8_13_8.NASL description The remote mail server is running a version of Sendmail earlier than 8.13.8. Such versions are reportedly affected by a use-after-free flaw that may allow an attacker to crash the server. last seen 2020-06-01 modified 2020-06-02 plugin id 17724 published 2011-11-18 reporter This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17724 title Sendmail < 8.13.8 Header Processing Overflow DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(17724); script_version("1.8"); script_cvs_date("Date: 2018/09/17 21:46:53"); script_cve_id("CVE-2006-4434"); script_bugtraq_id(19714); script_name(english:"Sendmail < 8.13.8 Header Processing Overflow DoS"); script_summary(english:"Checks the version of Sendmail."); script_set_attribute(attribute:"synopsis", value: "The remote mail server is susceptible to a denial of service attack."); script_set_attribute(attribute:"description", value: "The remote mail server is running a version of Sendmail earlier than 8.13.8. Such versions are reportedly affected by a use-after-free flaw that may allow an attacker to crash the server."); script_set_attribute(attribute:"see_also", value:"http://www.sendmail.org/releases/8.13.8.php"); script_set_attribute(attribute:"solution", value:"Upgrade to Sendmail 8.13.8 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2006-4434"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/09"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SMTP problems"); script_dependencies("sendmail_detect.nbin"); script_require_keys("installed_sw/Sendmail"); exit(0); } include("vcf.inc"); app_info = vcf::get_app_info(app:"Sendmail"); constraints = [{ "fixed_version" : "8.13.8" }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125012.NASL description SunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Jan/29/07 last seen 2018-09-01 modified 2018-08-13 plugin id 24392 published 2007-02-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=24392 title Solaris 10 (x86) : 125012-01 NASL family SuSE Local Security Checks NASL id SUSE9_11200.NASL description Without this update sendmail may crash when finishing a mail due to referencing an already freed variable. (CVE-2006-4434) last seen 2020-06-01 modified 2020-06-02 plugin id 41098 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41098 title SuSE9 Security Update : sendmail (YOU Patch Number 11200) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_125012-01.NASL description SunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Jan/29/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107916 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107916 title Solaris 10 (x86) : 125012-01 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114137.NASL description SunOS 5.9_x86: sendmail Patch. Date this patch was last updated by Sun : Mar/04/08 last seen 2020-06-01 modified 2020-06-02 plugin id 13592 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13592 title Solaris 9 (x86) : 114137-10 NASL family Solaris Local Security Checks NASL id SOLARIS10_125011-01.NASL description SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Jan/29/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107413 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107413 title Solaris 10 (sparc) : 125011-01
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-30 |
| organization | Red Hat |
| statement | This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue. |
References
- http://www.sendmail.org/releases/8.13.8.html
- http://www.openbsd.org/errata38.html#sendmail3
- http://www.openbsd.org/errata.html#sendmail3
- http://www.securityfocus.com/bid/19714
- http://securitytracker.com/id?1016753
- http://secunia.com/advisories/21637
- http://secunia.com/advisories/21641
- http://www.debian.org/security/2006/dsa-1164
- http://www.attrition.org/pipermail/vim/2006-August/000999.html
- http://secunia.com/advisories/21696
- http://secunia.com/advisories/21700
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://www.osvdb.org/28193
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
- http://secunia.com/advisories/22369
- http://secunia.com/advisories/21749
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
- http://www.vupen.com/english/advisories/2006/3994
- http://www.vupen.com/english/advisories/2006/3393