CVE-2006-4434

Severity

50%

Complexity

99%

Confidentiality

48%

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Sendmail Sendmail

First reported 18 years ago

2006-08-29 00:04:00

Last updated 13 years ago

2011-03-10 05:00:00

Affected Software

Sendmail Sendmail 4.1

4.1

Sendmail Sendmail 8.8.8

8.8.8

Sendmail Sendmail 8.9.0

8.9.0

Sendmail Sendmail 8.9.1

8.9.1

Sendmail Sendmail 8.9.2

8.9.2

Sendmail Sendmail 8.9.3

8.9.3

Sendmail Sendmail 8.10

8.10

Sendmail Sendmail 8.10.1

8.10.1

Sendmail Sendmail 8.10.2

8.10.2

Sendmail Sendmail 8.11

8.11.0

Sendmail Sendmail 8.11.1

8.11.1

Sendmail Sendmail 8.11.2

8.11.2

Sendmail Sendmail 8.11.3

8.11.3

Sendmail Sendmail 8.11.4

8.11.4

Sendmail Sendmail 8.11.5

8.11.5

Sendmail Sendmail 8.11.6

8.11.6

Sendmail Sendmail 8.11.7

8.11.7

Sendmail Sendmail 8.12 Beta10

8.12

Sendmail Sendmail 8.12 Beta12

8.12

Sendmail Sendmail 8.12 Beta16

8.12

Sendmail Sendmail 8.12 Beta5

8.12

Sendmail Sendmail 8.12 beta7

8.12

Sendmail Sendmail 8.12.0

8.12.0

Sendmail Sendmail 8.12.1

8.12.1

Sendmail Sendmail 8.12.2

8.12.2

Sendmail Sendmail 8.12.3

8.12.3

Sendmail Sendmail 8.12.4

8.12.4

Sendmail Sendmail 8.12.5

8.12.5

Sendmail Sendmail 8.12.6

8.12.6

Sendmail Sendmail 8.12.7

8.12.7

Sendmail Sendmail 8.12.8

8.12.8

Sendmail Sendmail 8.12.9

8.12.9

Sendmail Sendmail 8.12.10

8.12.10

Sendmail Sendmail 8.12.11

8.12.11

Sendmail Sendmail 8.13.3

8.13.3

Sendmail Sendmail 8.13.4

8.13.4

Sendmail Sendmail 8.13.5

8.13.5

Sendmail Sendmail 8.13.6

8.13.6

Sendmail Sendmail 8.13.7

8.13.7

References

21637

Patch, Vendor Advisory

21641

Patch, Vendor Advisory

21696

Vendor Advisory

21700

Vendor Advisory

21749

Vendor Advisory

22369

Vendor Advisory

1016753

Patch

102664

20060829 Sendmail vendor dispute - CVE-2006-4434 (fwd)

DSA-1164

MDKSA-2006:156

SUSE-SR:2006:021

[3.9] 20060825 005: SECURITY FIX: August 25, 2006

[3.8] 20060825 010: SECURITY FIX: August 25, 2006

28193

19714

Patch

http://www.sendmail.org/releases/8.13.8.html

Patch

ADV-2006-3393

Vendor Advisory

ADV-2006-3994

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.