National Cyber-Alert System

Vulnerability Summary for CVE-2006-4434

Overview

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (08/30/2006)

This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.sendmail.org/releases/8.13.8.html

Type: Patch Information

Hyperlink:http://www.sendmail.org/releases/8.13.8.html

External Source: BID

Name: 19714

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/19714

External Source: SECTRACK

Name: 1016753

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1016753

External Source: SECUNIA

Name: 21641

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21641

External Source: SECUNIA

Name: 21637

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21637

External Source: OPENBSD

Name: [3.8] 20060825 010: SECURITY FIX: August 25, 2006

Hyperlink:http://www.openbsd.org/errata38.html#sendmail3

External Source: OPENBSD

Name: [3.9] 20060825 005: SECURITY FIX: August 25, 2006

Hyperlink:http://www.openbsd.org/errata.html#sendmail3

External Source: DEBIAN

Name: DSA-1164

Hyperlink:http://www.debian.org/security/2006/dsa-1164

External Source: VIM

Name: 20060829 Sendmail vendor dispute - CVE-2006-4434 (fwd)

Hyperlink:http://www.attrition.org/pipermail/vim/2006-August/000999.html

External Source: SECUNIA

Name: 21700

Hyperlink:http://secunia.com/advisories/21700

External Source: SECUNIA

Name: 21696

Hyperlink:http://secunia.com/advisories/21696

External Source: MANDRIVA

Name: MDKSA-2006:156

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:156

External Source: OSVDB

Name: 28193

Hyperlink:http://www.osvdb.org/28193

External Source: SUSE

Name: SUSE-SR:2006:021

Hyperlink:http://www.novell.com/linux/security/advisories/2006_21_sr.html

External Source: MANDRIVA

Name: MDKSA-2006:156

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:156

External Source: VUPEN

Name: ADV-2006-3994

Hyperlink:http://www.frsirt.com/english/advisories/2006/3994

External Source: VUPEN

Name: ADV-2006-3393

Hyperlink:http://www.frsirt.com/english/advisories/2006/3393

External Source: SUNALERT

Name: 102664

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1

External Source: SECUNIA

Name: 22369

Hyperlink:http://secunia.com/advisories/22369

External Source: SECUNIA

Name: 21749

Hyperlink:http://secunia.com/advisories/21749