CVE-2006-4434

Properties

Published:
27.08.2006
Updated:
30.08.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:N/A:P/B:N)
    Product:
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail
    Sendmail Consortium: Sendmail

    Vulnerability description

    Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long"header line", which causes a previously freed variable to be referenced.

    References:

    http://www.sendmail.org/releases/8.13.8.html: http://www.sendmail.org/releases/8.13.8.html
    OPENBSD: http://www.openbsd.org/errata38.html#sendmail3
    OPENBSD: http://www.openbsd.org/errata.html#sendmail3
    BID: http://www.securityfocus.com/bid/19714
    SECTRACK: http://securitytracker.com/id?1016753
    SECUNIA: http://secunia.com/advisories/21637
    SECUNIA: http://secunia.com/advisories/21641