National Cyber-Alert System

Vulnerability Summary for CVE-2006-1173

Overview

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Impact

CVSS Severity (version 2.0 upgrade from v1.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#146718

Name: VU#146718

Type: Advisory

Hyperlink:http://www.kb.cert.org/vuls/id/146718

External Source: CONFIRM

Name: http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

Type: Advisory; Patch Information

Hyperlink:http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

External Source: BID

Name: 18433

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/18433

External Source: VUPEN

Name: ADV-2006-2189

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2006/2189

External Source: SUNALERT

Name: 102460

Type: Advisory; Patch Information

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1

External Source: SECUNIA

Name: 20473

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/20473

External Source: SECUNIA

Name: 15779

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/15779

External Source: REDHAT

Name: RHSA-2006:0515

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0515.html

External Source: SECTRACK

Name: 1016295

Hyperlink:http://securitytracker.com/id?1016295

External Source: HP

Name: SSRT061135

Hyperlink:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-526

Hyperlink:https://issues.rpath.com/browse/RPL-526

External Source: XF

Name: sendmail-multipart-mime-dos(27128)

Hyperlink:http://xforce.iss.net/xforce/xfdb/27128

External Source: HP

Name: SSRT061159

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/442939/100/0/threaded

External Source: BUGTRAQ

Name: 20060721 rPSA-2006-0134-1 sendmail sendmail-cf

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/440744/100/0/threaded

External Source: BUGTRAQ

Name: 20060624 Re: Sendmail MIME DoS vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/438330/100/0/threaded

External Source: BUGTRAQ

Name: 20060621 Re: Sendmail MIME DoS vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/438241/100/0/threaded

External Source: BUGTRAQ

Name: 20060620 Sendmail MIME DoS vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/437928/100/0/threaded

External Source: OSVDB

Name: 26197

Hyperlink:http://www.osvdb.org/26197

External Source: OPENBSD

Name: [3.8] 008: SECURITY FIX: June 15, 2006

Hyperlink:http://www.openbsd.org/errata38.html#sendmail2

External Source: MANDRIVA

Name: MDKSA-2006:104

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:104

External Source: GENTOO

Name: GLSA-200606-19

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml

External Source: VUPEN

Name: ADV-2006-3135

Hyperlink:http://www.frsirt.com/english/advisories/2006/3135

External Source: VUPEN

Name: ADV-2006-2798

Hyperlink:http://www.frsirt.com/english/advisories/2006/2798

External Source: VUPEN

Name: ADV-2006-2390

Hyperlink:http://www.frsirt.com/english/advisories/2006/2390

External Source: VUPEN

Name: ADV-2006-2389

Hyperlink:http://www.frsirt.com/english/advisories/2006/2389

External Source: VUPEN

Name: ADV-2006-2388

Hyperlink:http://www.frsirt.com/english/advisories/2006/2388

External Source: VUPEN

Name: ADV-2006-2351

Hyperlink:http://www.frsirt.com/english/advisories/2006/2351

External Source: CONFIRM

Name: http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html

Hyperlink:http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html

External Source: CONFIRM

Name: http://www.f-secure.com/security/fsc-2006-5.shtml

Hyperlink:http://www.f-secure.com/security/fsc-2006-5.shtml

External Source: DEBIAN

Name: DSA-1155

Hyperlink:http://www.debian.org/security/2006/dsa-1155

External Source: AIXAPAR

Name: IY85930

Hyperlink:http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only

External Source: AIXAPAR

Name: IY85415

Hyperlink:http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm

External Source: SLACKWARE

Name: SSA:2006-166-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382

External Source: SECUNIA

Name: 21647

Hyperlink:http://secunia.com/advisories/21647

External Source: SECUNIA

Name: 21612

Hyperlink:http://secunia.com/advisories/21612

External Source: SECUNIA

Name: 21327

Hyperlink:http://secunia.com/advisories/21327

External Source: SECUNIA

Name: 21160

Hyperlink:http://secunia.com/advisories/21160

External Source: SECUNIA

Name: 21042

Hyperlink:http://secunia.com/advisories/21042

External Source: SECUNIA

Name: 20782

Hyperlink:http://secunia.com/advisories/20782

External Source: SECUNIA

Name: 20726

Hyperlink:http://secunia.com/advisories/20726

External Source: SECUNIA

Name: 20694

Hyperlink:http://secunia.com/advisories/20694

External Source: SECUNIA

Name: 20684

Hyperlink:http://secunia.com/advisories/20684

External Source: SECUNIA

Name: 20683

Hyperlink:http://secunia.com/advisories/20683

External Source: SECUNIA

Name: 20679

Hyperlink:http://secunia.com/advisories/20679

External Source: SECUNIA

Name: 20675

Hyperlink:http://secunia.com/advisories/20675

External Source: SECUNIA

Name: 20673

Hyperlink:http://secunia.com/advisories/20673

External Source: SECUNIA

Name: 20654

Hyperlink:http://secunia.com/advisories/20654

External Source: SECUNIA

Name: 20651

Hyperlink:http://secunia.com/advisories/20651

External Source: SECUNIA

Name: 20650

Hyperlink:http://secunia.com/advisories/20650

External Source: SECUNIA

Name: 20641

Hyperlink:http://secunia.com/advisories/20641

External Source: SUSE

Name: SUSE-SA:2006:032

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html

External Source: MANDRIVA

Name: MDKSA-2006:104

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:104

External Source: SGI

Name: 20060602-01-U

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc

External Source: SGI

Name: 20060601-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P

External Source: FREEBSD

Name: FreeBSD-SA-06:17.sendmail

Hyperlink:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc