CVE-2006-4434

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.sendmail.org/releases/8.13.8.html	Patch
http://www.openbsd.org/errata38.html#sendmail3
http://www.openbsd.org/errata.html#sendmail3
http://www.securityfocus.com/bid/19714	Patch
http://securitytracker.com/id?1016753	Patch
http://secunia.com/advisories/21637	Patch Vendor Advisory
http://secunia.com/advisories/21641	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1164
http://www.attrition.org/pipermail/vim/2006-August/000999.html
http://secunia.com/advisories/21696	Vendor Advisory
http://secunia.com/advisories/21700	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://www.osvdb.org/28193
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
http://secunia.com/advisories/22369	Vendor Advisory
http://secunia.com/advisories/21749	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
http://www.vupen.com/english/advisories/2006/3994	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3393	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sendmail:sendmail:4.55:::::::*
	cpe:2.3:a:sendmail:sendmail:5.61:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.0:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.2:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.1:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.11:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.6:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.8:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12:beta10::::::
	cpe:2.3:a:sendmail:sendmail:8.13.3:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.5:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.4:::::::*
	cpe:2.3:a:sendmail:sendmail:8.8.8:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.7:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12:beta16::::::
	cpe:2.3:a:sendmail:sendmail:8.12.3:::::::*
	cpe:2.3:a:sendmail:sendmail:8.9.1:::::::*
	cpe:2.3:a:sendmail:sendmail:8.10.2:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.4:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12:beta12::::::
	cpe:2.3:a:sendmail:sendmail:8.9.0:::::::*
	cpe:2.3:a:sendmail:sendmail:8.10.1:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.7:::::::*
	cpe:2.3:a:sendmail:sendmail:5.65:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.6:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.5:::::::*
	cpe:2.3:a:sendmail:sendmail:8.10:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12:beta7::::::
	cpe:2.3:a:sendmail:sendmail:8.9.3:::::::*
	cpe:2.3:a:sendmail:sendmail:4.1:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12:beta5::::::
	cpe:2.3:a:sendmail:sendmail:8.12.2:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.5:::::::*
	cpe:2.3:a:sendmail:sendmail:8.9.2:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.4:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.1:::::::*
	cpe:2.3:a:sendmail:sendmail:8.11.3:::::::*
	cpe:2.3:a:sendmail:sendmail:5.59:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.9:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.6:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.0:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.7:::::::*
	cpe:2.3:a:sendmail:sendmail:8.12.10:::::::*

Information

Published : 2006-08-28 17:04

Updated : 2011-03-09 21:00

NVD link : CVE-2006-4434

Mitre link : CVE-2006-4434

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

sendmail

sendmail

5.0 /10