(Sun Describes Workaround ) Sendmail May Crash When Processing Mail with a Long Header
|
|
SecurityTracker Alert ID: 1017043
|
|
SecurityTracker URL: http://securitytracker.com/id?1017043
|
|
CVE Reference: CVE-2006-4434
(Links to External Site)
|
|
OSVDB Reference: 28193
(Links to External Site)
|
Date: Oct 11 2006
|
Impact: Denial of service via network
|
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 8.13.7 and prior versions
|
Description: A vulnerability was reported in Sendmail. A remote user can cause denial of service conditions.
A remote user can send e-mail with specially crafted (and very long) header lines to trigger a "use-after-free" flaw and cause the
target sendmail service to crash.
Moritz Jodeit reported this vulnerability.
[Editor's note: The vendor reported on August
9, 2006 that a potential "crash" had been corrected, but the vendor did not describe the nature of the crash. OpenBSD reported
the security relevant nature of the crash on August 25, 2006.]
|
Impact: A remote user can cause sendmail to crash.
|
Solution: Sun has described a workaround in their advisory.
The Sun advisory is avilable at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
|
Vendor URL: www.sendmail.org/releases/8.13.8.html (Links to External Site)
|
Cause: State error
|
Underlying OS: UNIX (Solaris - SunOS)
|
Underlying OS Comments: 9, 10
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 11 Oct 2006 00:06:27 -0400
Subject: A "Use-after-free" Vulnerability in Sendmail Versions Before 8.13.8 may Allow a Denial of Service (DoS)
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
CVE-2006-4434
|
|
