Vulnerability CVE-2006-4434


Published: 2006-08-28   Modified: 2012-02-12

Description:
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Type:

CWE-399

(Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Sendmail -> Sendmail 

 References:
http://www.sendmail.org/releases/8.13.8.html
http://www.securityfocus.com/bid/19714
http://securitytracker.com/id?1016753
http://secunia.com/advisories/21641
http://secunia.com/advisories/21637
http://www.vupen.com/english/advisories/2006/3994
http://www.vupen.com/english/advisories/2006/3393
http://www.osvdb.org/28193
http://www.openbsd.org/errata38.html#sendmail3
http://www.openbsd.org/errata.html#sendmail3
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
http://www.debian.org/security/2006/dsa-1164
http://www.attrition.org/pipermail/vim/2006-August/000999.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
http://secunia.com/advisories/22369
http://secunia.com/advisories/21749
http://secunia.com/advisories/21700
http://secunia.com/advisories/21696

Copyright 2024, cxsecurity.com

 

Back to Top