SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (E-mail Server)  >   Sendmail Vendors:   Sendmail Consortium
Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
SecurityTracker Alert ID:  1015801
SecurityTracker URL:  http://securitytracker.com/id/1015801
CVE Reference:   CVE-2006-0058   (Links to External Site)
Updated:  Mar 22 2006
Original Entry Date:  Mar 22 2006
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.13.6
Description:   A vulnerability was reported in Sendmail. A remote user may be able to execute arbitrary code on the target system.

Under certain specific timing conditions, a remote user can send specially crafted e-mail data to the target system to exploit a race condition in a signal handler and trigger a buffer overflow. This may allow the remote user to execute arbitrary code on the target system with the privileges of the sendmail process.

ISS discovered this vulnerability.

The original advisory is available at:

http://xforce.iss.net/xforce/xfdb/24584

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the sendmail process (typically root privileges).
Solution:   The vendor has issued a fixed version (8.13.6), available at:

http://www.sendmail.org/8.13.6.html

A patch is also available for 8.13.5:

ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0

A patch is also available for 8.12.11:

ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0

Vendor URL:  www.sendmail.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 22 2006 (Red Hat Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3 and 4.
Mar 22 2006 (FreeBSD Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix.
Mar 22 2006 (Red Hat Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1
Mar 22 2006 (Sendmail.com Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
Sendmail.com has issued a fix for commercial versions of Sendmail and related products.
Mar 23 2006 (IBM Issues Fix for AIX) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
IBM has issued interim fixes for AIX.
Mar 23 2006 (Sun Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
Sun has issued a fix for Solaris 8, 9, and 10.
Mar 26 2006 (OpenBSD Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
OpenBSD has issued a fix.
Mar 27 2006 (HP Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code   (secure@hpchs.cup.hp.com (Security Alert))
HP has issued a fix for HP-UX.
Mar 28 2006 (F-Secure Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
F-Secure has issued a fix for F-Secure Messaging Security Gateway, which is affected by this Sendmail vulnerability.
Mar 30 2006 (NetBSD Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code   (NetBSD Security-Officer <security-officer@NetBSD.org>)
NetBSD has released a fix.
Apr 26 2006 (Cobalt RaQ is Affected) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
Sun has issued an advisory for the Cobalt RaQ XTR, Cobalt RaQ 4, and Cobalt RaQ 550 servers.
May 23 2006 (SCO Issues Fix for UnixWare) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code   (SCO Security Advisories <security@sco.com>)
SCO has issued a fix for UnixWare 7.1.3 and 7.1.4.
Jun 6 2006 (HP Issues Fix for Tru64 and Internet Express) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code
HP has issued a fix for sendmail on HP Tru64 UNIX and on HP Internet Express for Tru64 UNIX.



 Source Message Contents

Date:  Wed, 22 Mar 2006 14:25:25 -0500
Subject:  Sendmail vulnerability


http://www.sendmail.com/company/advisory/index.shtml

CVE-2006-0058
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC