OpenCVE

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
Sendmail	Sendmail

Configuration 1 [-]

OR	cpe:2.3:a:sendmail:sendmail:8.13.0:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.1:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.2:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.3:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.4:::::::*
	cpe:2.3:a:sendmail:sendmail:8.13.5:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
sendmail-0:8.12.11-4.RHEL3.4	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0264	2006-03-22T00:00:00Z
Red Hat Enterprise Linux 4
sendmail-0:8.13.1-3.RHEL4.3	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0264	2006-03-22T00:00:00Z
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0265	2006-03-22T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0265	2006-03-22T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0265	2006-03-22T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0265	2006-03-22T00:00:00Z

References

Link	Providers
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
http://secunia.com/advisories/19342
http://secunia.com/advisories/19345
http://secunia.com/advisories/19346
http://secunia.com/advisories/19349
http://secunia.com/advisories/19356
http://secunia.com/advisories/19360
http://secunia.com/advisories/19361
http://secunia.com/advisories/19363
http://secunia.com/advisories/19367
http://secunia.com/advisories/19368
http://secunia.com/advisories/19394
http://secunia.com/advisories/19404
http://secunia.com/advisories/19407
http://secunia.com/advisories/19450
http://secunia.com/advisories/19466
http://secunia.com/advisories/19532
http://secunia.com/advisories/19533
http://secunia.com/advisories/19676
http://secunia.com/advisories/19774
http://secunia.com/advisories/20243
http://secunia.com/advisories/20723
http://securityreason.com/securityalert/612
http://securityreason.com/securityalert/743
http://securitytracker.com/id?1015801
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1
http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
http://www.ciac.org/ciac/bulletins/q-151.shtml
http://www.debian.org/security/2006/dsa-1015
http://www.f-secure.com/security/fsc-2006-2.shtml
http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
http://www.iss.net/threats/216.html
http://www.kb.cert.org/vuls/id/834865
http://www.mandriva.com/security/advisories?name=MDKSA-2006:058
http://www.novell.com/linux/security/advisories/2006_17_sendmail.html
http://www.openbsd.org/errata38.html#sendmail
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html
http://www.osvdb.org/24037
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html
http://www.redhat.com/support/errata/RHSA-2006-0264.html
http://www.redhat.com/support/errata/RHSA-2006-0265.html
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://www.securityfocus.com/archive/1/428656/100/0/threaded
http://www.securityfocus.com/bid/17192
http://www.sendmail.com/company/advisory/index.shtml
http://www.us-cert.gov/cas/techalerts/TA06-081A.html
http://www.vupen.com/english/advisories/2006/1049
http://www.vupen.com/english/advisories/2006/1051
http://www.vupen.com/english/advisories/2006/1068
http://www.vupen.com/english/advisories/2006/1072
http://www.vupen.com/english/advisories/2006/1139
http://www.vupen.com/english/advisories/2006/1157
http://www.vupen.com/english/advisories/2006/1529
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2490
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
https://exchange.xforce.ibmcloud.com/vulnerabilities/24584
https://nvd.nist.gov/vuln/detail/CVE-2006-0058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689
https://www.cve.org/CVERecord?id=CVE-2006-0058

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2006-03-22T20:00:00

Updated: 2024-08-07T16:18:20.809Z

Reserved: 2006-01-01T00:00:00

Link: CVE-2006-0058

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-22T20:06:00.000

Modified: 2024-11-21T00:05:33.340

Link: CVE-2006-0058

Redhat

Severity : Critical

Publid Date: 2006-03-22T16:00:00Z

Links: CVE-2006-0058 - Bugzilla

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object