Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1173

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1173
Last Modified 13 May 2011 12:00:00
Published 07 Jun 2006 07:06:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1173

Summary

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Vulnerable Systems

Application

  • Sendmail 8.10

  • Sendmail 8.10.1

  • Sendmail 8.10.2

  • Sendmail 8.11.0

  • Sendmail 8.11.1

  • Sendmail 8.11.2

  • Sendmail 8.11.3

  • Sendmail 8.11.4

  • Sendmail 8.11.5

  • Sendmail 8.11.6

  • Sendmail 8.11.7

  • Sendmail 8.12

  • Sendmail 8.12.0

  • Sendmail 8.12.1

  • Sendmail 8.12.10

  • Sendmail 8.12.11

  • Sendmail 8.12.2

  • Sendmail 8.12.3

  • Sendmail 8.12.4

  • Sendmail 8.12.5

  • Sendmail 8.12.6

  • Sendmail 8.12.7

  • Sendmail 8.12.8

  • Sendmail 8.12.9

  • Sendmail 8.13.0

  • Sendmail 8.13.1

  • Sendmail 8.13.1.2

  • Sendmail 8.13.2

  • Sendmail 8.13.3

  • Sendmail 8.13.4

  • Sendmail 8.13.5

  • Sendmail 8.13.6

  • Sendmail 8.8.8

  • Sendmail 8.9.0

  • Sendmail 8.9.1

  • Sendmail 8.9.2

  • Sendmail 8.9.3


References

CERT-VN - VU#146718

CONFIRM - http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

BID - 18433

SUNALERT - 102460

SECUNIA - 20473

SECUNIA - 15779

CONFIRM - https://issues.rpath.com/browse/RPL-526

XF - sendmail-multipart-mime-dos(27128)

VUPEN - ADV-2006-3135

VUPEN - ADV-2006-2798

VUPEN - ADV-2006-2390

VUPEN - ADV-2006-2389

VUPEN - ADV-2006-2388

VUPEN - ADV-2006-2351

VUPEN - ADV-2006-2189

HP - HPSBUX02124

HP - SSRT061159

BUGTRAQ - 20060721 rPSA-2006-0134-1 sendmail sendmail-cf

BUGTRAQ - 20060624 Re: Sendmail MIME DoS vulnerability

BUGTRAQ - 20060621 Re: Sendmail MIME DoS vulnerability

BUGTRAQ - 20060620 Sendmail MIME DoS vulnerability

REDHAT - RHSA-2006:0515

OSVDB - 26197

OPENBSD - [3.8] 008: SECURITY FIX: June 15, 2006

MANDRIVA - MDKSA-2006:104

GENTOO - GLSA-200606-19

CONFIRM - http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html

CONFIRM - http://www.f-secure.com/security/fsc-2006-5.shtml

DEBIAN - DSA-1155

AIXAPAR - IY85930

AIXAPAR - IY85415

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm

SLACKWARE - SSA:2006-166-01

SECTRACK - 1016295

SECUNIA - 21647

SECUNIA - 21612

SECUNIA - 21327

SECUNIA - 21160

SECUNIA - 21042

SECUNIA - 20782

SECUNIA - 20726

SECUNIA - 20694

SECUNIA - 20684

SECUNIA - 20683

SECUNIA - 20679

SECUNIA - 20675

SECUNIA - 20673

SECUNIA - 20654

SECUNIA - 20651

SECUNIA - 20650

SECUNIA - 20641

SUSE - SUSE-SA:2006:032

HP - SSRT061135

HP - HPSBTU02116

SGI - 20060602-01-U

SGI - 20060601-01-P

FREEBSD - FreeBSD-SA-06:17.sendmail


Last Updated: 27 May 2016 10:41:58