SecurityTracker: (OpenBSD Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (E-mail Server) > Sendmail

Vendors: Sendmail Consortium

(OpenBSD Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code

SecurityTracker Alert ID: 1015827

SecurityTracker URL: http://securitytracker.com/id/1015827

CVE Reference: CVE-2006-0058 (Links to External Site)

Date: Mar 26 2006

Impact: Execution of arbitrary code via network, Root access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 8.13.6

Description: A vulnerability was reported in Sendmail. A remote user may be able to execute arbitrary code on the target system.

Under certain specific timing conditions, a remote user can send specially crafted e-mail data to the target system to exploit a race condition in a signal handler and trigger a buffer overflow. This may allow the remote user to execute arbitrary code on the target system with the privileges of the sendmail process.

ISS discovered this vulnerability.

The original advisory is available at:

http://xforce.iss.net/xforce/xfdb/24584

Impact: A remote user can execute arbitrary code on the target system with the privileges of the sendmail process (typically root privileges).

Solution: OpenBSD has issued the following patches.

For 3.9:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patch

For 3.8:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/006_sendmail.patch

For 3.7:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/012_sendmail.patch

Vendor URL: www.sendmail.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: UNIX (OpenBSD)

Message History: This archive entry is a follow-up to the message listed below.

Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code

Source Message Contents

Date: Sat, 25 Mar 2006 22:12:28 -0500
Subject: OpenBSD patches for sendmail



> SECURITY FIX: March 25, 2006   all architecture
> A race condition has been reported to exist in the handling by sendmail of 
> asynchronous signals. A remote attacker may be able to execute arbitrary code with 
> the privileges of the user running sendmail, typically root. 

For 3.9:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/001_sendmail.patch

For 3.8:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/006_sendmail.patch

For 3.7:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/012_sendmail.patch

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC