SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Sendmail Vendors:   Sendmail Consortium
Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
SecurityTracker Alert ID:  1016295
SecurityTracker URL:  http://securitytracker.com/id/1016295
CVE Reference:   CVE-2006-1173   (Links to External Site)
Date:  Jun 14 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.13.7
Description:   A vulnerability was reported in Sendmail. A remote user can cause denial of service conditions.

A remote user can send a specially crafted message containing malformed, deeply nested MIME content to cause excessive recursion, leading to stack exhaustion when the system attempts to deliver the message from the queue. Only mail delivered from the queue is affected. The system may fail to reattempt delivery of messages in the queue. Incoming mail is still accepted and delivered.

Also, if the system is configured to write uniquely named core dump files per process, the disk space may become filled with core dumps.

The vendor credits Frank Sheiness with reporting this vulnerability.
Impact:   A remote user may be able to stop the delivery of queued messages.
Solution:   The vendor has issued a fixed version (8.13.7).

The vendor's notice is available at:

http://www.sendmail.org/releases/8.13.7.html

The sendmail.com advisory is available at:

http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
Vendor URL:  www.sendmail.org/releases/8.13.7.html (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 14 2006 (Sun Describes Workaround) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
Sun has issued an advisory describing a workaround for Sun Solaris.
Jun 14 2006 (Red Hat Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, and 4.
Jun 15 2006 (NetBSD Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service   (NetBSD Security-Officer <security-officer@NetBSD.org>)
NetBSD has released a fix for NetBSD 2.0, 2.1, and 3.0.
Jun 15 2006 (FreeBSD Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has released a fix.
Jun 15 2006 (IBM Issues Interim Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
IBM has issued an interim fix for Sendmail on IBM AIX 5.2 and 5.3.
Jun 15 2006 (SGI Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
SGI has issued a fixed for IRIX.
Jun 16 2006 (OpenBSD Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
OpenBSD has issued a patch.
Jun 16 2006 (HP Issues Fix for Tru64) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
HP has issued a fix for Sendmail on HP Tru64 UNIX and for HP Internet Express for Tru64 UNIX.
Jul 14 2006 (F-Secure Issues Fix for Messaging Security Gateway) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
F-Secure has issued a fix for the F-Secure Messaging Security Gateway, which is affected by the sendmail vulnerability.
Aug 2 2006 (HP Issues Fix for HP-UX) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
HP has issued fixes for HP-UX.


 Source Message Contents
Date:  Wed, 14 Jun 2006 12:34:00 -0400
Subject:  Sendmail vulnerability


http://www.sendmail.org/releases/8.13.7.html

CVE-2006-1173


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC