Category:   Application (E-mail Server)  >   Sendmail
Vendors:   Sendmail Consortium
Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
SecurityTracker Alert ID:  1016295
SecurityTracker URL:  http://securitytracker.com/id/1016295
CVE Reference:   CVE-2006-1173
Date:  Jun 14 2006
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.13.7
Description:   A vulnerability was reported in Sendmail. A remote user can cause denial of service conditions.

A remote user can send a specially crafted message containing malformed, deeply nested MIME content to cause excessive recursion, leading to stack exhaustion when the system attempts to deliver the message from the queue. Only mail delivered from the queue is affected. The system may fail to reattempt delivery of messages in the queue. Incoming mail is still accepted and delivered.

Also, if the system is configured to write uniquely named core dump files per process, the disk space may become filled with core dumps.

The vendor credits Frank Sheiness with reporting this vulnerability.
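
A check for the nesting condition described above, as an added example that is not part of this advisory or of Sendmail's code: it measures multipart nesting depth with an explicit stack instead of recursion and stops reading once a limit is exceeded. The `MAX_DEPTH` value of 20, the function names and the sample message are assumptions constructed for illustration.

```python
import re
MAX_DEPTH = 20  # assumed local policy value; the advisory states no number
_BOUNDARY = re.compile(r'boundary\s*=\s*(?:"([^"]+)"|([^\s;]+))', re.I)

def _multipart_boundary(headers):  # boundary of a multipart Content-Type, or None
    for h in headers:
        name, _, value = h.partition(":")
        if name.strip().lower() == "content-type" and "multipart/" in value.lower():
            m = _BOUNDARY.search(value)
            if m:
                return m.group(1) or m.group(2)
    return None

def mime_nesting_depth(raw, limit=MAX_DEPTH):
    """Deepest multipart nesting seen; scanning stops once limit is exceeded."""
    stack, deepest = [], 0             # open boundaries, outermost first
    headers, in_headers = [], True
    for line in raw.splitlines():
        if in_headers and line.strip():
            if line[0] in " \t" and headers:
                headers[-1] += " " + line.strip()    # unfold continuation line
            else:
                headers.append(line)
        elif in_headers:               # blank line ends this part's headers
            in_headers = False
            boundary = _multipart_boundary(headers)
            if boundary:
                stack.append(boundary)
                deepest = max(deepest, len(stack))
                if deepest > limit:
                    return deepest     # bounded work: no need to read further
        elif line.startswith("--"):
            marker = line.rstrip()
            for i in range(len(stack) - 1, -1, -1):
                if marker == "--" + stack[i]:          # next part at level i
                    del stack[i + 1:]
                    headers, in_headers = [], True
                    break
                if marker == "--" + stack[i] + "--":   # level i is closed
                    del stack[i:]
                    break
    return deepest

# Constructed sample: three multipart levels around one text part.
SAMPLE = "\n".join([
    'Content-Type: multipart/mixed; boundary="b0"', "", "--b0",
    'Content-Type: multipart/mixed; boundary="b1"', "", "--b1",
    "Content-Type: multipart/alternative;", ' boundary="b2"', "", "--b2",
    "Content-Type: text/plain", "", "hello", "--b2--", "--b1--", "--b0--"])
```

A return value greater than `limit` means the message exceeded the policy and the scan stopped early, so memory and time stay bounded regardless of how deep the input goes.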

Impact:   A remote user may be able to stop the delivery of queued messages.
Solution:   The vendor has issued a fixed version (8.13.7).

The vendor's notice is available at:

http://www.sendmail.org/releases/8.13.7.html

The sendmail.com advisory is available at:

http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

Vendor URL:  www.sendmail.org/releases/8.13.7.html
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 14 2006 (Sun Describes Workaround) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
Sun has issued an advisory describing a workaround for Sun Solaris.
Jun 14 2006 (Red Hat Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, and 4.
Jun 15 2006 (NetBSD Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
NetBSD has released a fix for NetBSD 2.0, 2.1, and 3.0.
Jun 15 2006 (FreeBSD Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
FreeBSD has released a fix.
Jun 15 2006 (IBM Issues Interim Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
IBM has issued an interim fix for Sendmail on IBM AIX 5.2 and 5.3.
Jun 15 2006 (SGI Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
SGI has issued a fix for IRIX.
Jun 16 2006 (OpenBSD Issues Fix) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
OpenBSD has issued a patch.
Jun 16 2006 (HP Issues Fix for Tru64) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
HP has issued a fix for Sendmail on HP Tru64 UNIX and for HP Internet Express for Tru64 UNIX.
Jul 14 2006 (F-Secure Issues Fix for Messaging Security Gateway) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
F-Secure has issued a fix for the F-Secure Messaging Security Gateway, which is affected by the sendmail vulnerability.
Aug 2 2006 (HP Issues Fix for HP-UX) Sendmail Excessive Recursion in Processing Malformed MIME Messages Lets Remote Users Deny Service
HP has issued fixes for HP-UX.



Copyright 2019, SecurityGlobal.net LLC