(IBM Issues Fix for AIX) Sendmail May Crash When Processing Mail with a Long Header
|
|
SecurityTracker Alert ID: 1021237 |
|
SecurityTracker URL: http://securitytracker.com/id/1021237
|
|
CVE Reference:
CVE-2006-4434
(Links to External Site)
|
Date: Nov 17 2008
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 8.13.7 and prior versions
|
Description:
A vulnerability was reported in Sendmail. A remote user can cause denial of service conditions.
A remote user can send e-mail with specially crafted (and very long) header lines to trigger a "use-after-free" flaw and cause the target sendmail service to crash.
Moritz Jodeit reported this vulnerability.
[Editor's note: The vendor reported on August 9, 2006 that a potential "crash" had been corrected, but the vendor did not describe the nature of the crash. OpenBSD reported the security relevant nature of the crash on August 25, 2006.]
|
Impact:
A remote user can cause sendmail to crash.
|
Solution:
IBM has issued a fix for AIX.
APAR IZ25577:
http://www-912.ibm.com/eserver/support/fixes/fixcentral/pseriespkgoptions/apar?fixes=IZ25577
The IBM advisory is available at:
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ25577
|
Vendor URL: www.sendmail.org/releases/8.13.8.html (Links to External Site)
|
Cause:
State error
|
Underlying OS:
UNIX (AIX)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 17 Nov 2008 16:35:13 -0500
Subject: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ25577
|
IZ25577: SENDMAIL VULNERABILITY (CVE-2006-4434)
|
|
