CVE-2006-0058

Severity

76%

Complexity

49%

Confidentiality

165%

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

CVSS 2.0 Base Score 7.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type

Sendmail Sendmail

First reported 18 years ago

2006-03-22 20:06:00

Last updated 6 years ago

2018-10-19 15:42:00

Affected Software

Sendmail Sendmail 8.13.0

8.13.0

Sendmail Sendmail 8.13.1

8.13.1

Sendmail Sendmail 8.13.2

8.13.2

Sendmail Sendmail 8.13.3

8.13.3

Sendmail Sendmail 8.13.4

8.13.4

Sendmail Sendmail 8.13.5

8.13.5

References

FreeBSD-SA-06:13

NetBSD-SA2006-010

SCOSA-2006.24

20060302-01-P

20060401-01-U

HPSBUX02108

HPSBTU02116

19342

19345

19346

19349

19356

19360

19361

19363

19367

19368

19394

19404

19407

19450

19466

19532

19533

19676

19774

20243

20723

612

743

1015801

SSA:2006-081-01

102262

102324

200494

http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm

Q-151

DSA-1015

http://www.f-secure.com/security/fsc-2006-2.shtml

GLSA-200603-21

20060322 Sendmail Remote Signal Handling Vulnerability

VU#834865

US Government Resource

MDKSA-2006:058

SUSE-SA:2006:017

[3.8] 006: SECURITY FIX: March 25, 2006

OpenPKG-SA-2006.007

24037

FEDORA-2006-194

FEDORA-2006-193

RHSA-2006:0264

Patch, Vendor Advisory

RHSA-2006:0265

Patch, Vendor Advisory

20060322 sendmail vuln advisories (CVE-2006-0058)

FLSA:186277

17192

http://www.sendmail.com/company/advisory/index.shtml

TA06-081A

US Government Resource

ADV-2006-1049

ADV-2006-1051

ADV-2006-1068

ADV-2006-1072

ADV-2006-1139

ADV-2006-1157

ADV-2006-1529

ADV-2006-2189

ADV-2006-2490

IY82992

IY82993

IY82994

http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751

smtp-timeout-bo(24584)

oval:org.mitre.oval:def:11074

oval:org.mitre.oval:def:1689

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.