ID CVE-2006-0058
Summary Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
References
Vulnerable Configurations
  • Sendmail Sendmail 8.13.0
    cpe:2.3:a:sendmail:sendmail:8.13.0
  • Sendmail Sendmail 8.13.1
    cpe:2.3:a:sendmail:sendmail:8.13.1
  • Sendmail Sendmail 8.13.2
    cpe:2.3:a:sendmail:sendmail:8.13.2
  • Sendmail Sendmail 8.13.3
    cpe:2.3:a:sendmail:sendmail:8.13.3
  • Sendmail Sendmail 8.13.4
    cpe:2.3:a:sendmail:sendmail:8.13.4
  • Sendmail Sendmail 8.13.5
    cpe:2.3:a:sendmail:sendmail:8.13.5
CVSS
Base: 7.6 (as of 23-03-2006 - 13:14)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
exploit-db via4
description Sendmail <= 8.13.5 Remote Signal Handling Exploit PoC. CVE-2006-0058. DoS exploit for Linux platform
id EDB-ID:2051
last seen 2016-01-31
modified 2006-07-21
published 2006-07-21
reporter redsand
source https://www.exploit-db.com/download/2051/
title Sendmail <= 8.13.5 - Remote Signal Handling Exploit PoC
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_122856.NASL
    description SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Oct/17/06
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 21260
    published 2006-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21260
    title Solaris 10 (sparc) : 122856-03
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_34927.NASL
    description s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). (HPSBUX02124 SSRT061159)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22175
    published 2006-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22175
    title HP-UX PHNE_34927 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35485.NASL
    description s700_800 11.23 sendmail(1M) 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 26135
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26135
    title HP-UX PHNE_35485 : s700_800 11.23 sendmail(1M) 8.11.1 patch
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0264.NASL
    description Updated sendmail packages to fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0058 to this issue. By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be able to be remotely exploited by this vulnerability. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21134
    published 2006-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21134
    title RHEL 3 / 4 : sendmail (RHSA-2006:0264)
  • NASL family AIX Local Security Checks
    NASL id AIX_U805069.NASL
    description The remote host is missing AIX PTF U805069, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65291
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65291
    title AIX 5.3 TL 4 / 5.3 TL 5 : bos.net.tcp.client (U805069)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1015.NASL
    description Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker to exploit a race condition to execute arbitrary code as root.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22557
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22557
    title Debian DSA-1015-1 : sendmail - programming error
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0264.NASL
    description Updated sendmail packages to fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0058 to this issue. By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be able to be remotely exploited by this vulnerability. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21893
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21893
    title CentOS 3 / 4 : sendmail (CESA-2006:0264)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114137.NASL
    description SunOS 5.9_x86: sendmail Patch. Date this patch was last updated by Sun : Mar/04/08
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13592
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13592
    title Solaris 9 (x86) : 114137-10
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-081-01.NASL
    description New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Sendmail's advisory concerning this issue may be found here: http://www.sendmail.com/company/advisory/index.shtml
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 21121
    published 2006-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21121
    title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : sendmail (SSA:2006-081-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113575.NASL
    description SunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13541
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13541
    title Solaris 9 (sparc) : 113575-11
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35483.NASL
    description s700_800 11.00 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26133
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26133
    title HP-UX PHNE_35483 : s700_800 11.00 sendmail(1M) 8.9.3 patch
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0265.NASL
    description Updated sendmail packages to fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0058 to this issue. By default on Red Hat Enterprise Linux 2.1, Sendmail is configured to only accept connections from the local host. Therefore only users who have configured Sendmail to listen to remote hosts would be able to be remotely exploited by this vulnerability. In order to correct this issue for Red Hat Enterprise Linux 2.1 users, it was necessary to upgrade the version of Sendmail from 8.11 as originally shipped to Sendmail 8.12 with the addition of the security patch supplied by Sendmail Inc. This erratum provides updated packages based on Sendmail 8.12 with a compatibility mode enabled. After updating to these packages, users should pay close attention to their sendmail logs to ensure that the upgrade completed successfully.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21135
    published 2006-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21135
    title RHEL 2.1 : sendmail (RHSA-2006:0265)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_32006.NASL
    description s700_800 11.00 sendmail(1m) 8.9.3 patch : A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21653
    published 2006-06-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21653
    title HP-UX PHNE_32006 : HP-UX Running sendmail, Remote Execution of Arbitrary Code (HPSBUX02108 SSRT061133 rev.15)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_08AC7B8BBB3011DAB2FB000E0C2E438A.NASL
    description Problem Description A race condition has been reported to exist in the handling by sendmail of asynchronous signals. Impact A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root. Workaround There is no known workaround other than disabling sendmail.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21381
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21381
    title FreeBSD : sendmail -- race condition vulnerability (08ac7b8b-bb30-11da-b2fb-000e0c2e438a)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-058.NASL
    description A race condition was reported in sendmail in how it handles asynchronous signals. This could allow a remote attacker to be able to execute arbitrary code with the privileges of the user running sendmail. The updated packages have been patched to correct this problem via a patch provided by the Sendmail Consortium via CERT.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21132
    published 2006-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21132
    title Mandrake Linux Security Advisory : sendmail (MDKSA-2006:058)
  • NASL family AIX Local Security Checks
    NASL id AIX_U806006.NASL
    description The remote host is missing AIX PTF U806006, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65293
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65293
    title AIX 5.2 TL 8 : bos.net.tcp.client (U806006)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200603-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200603-21 (Sendmail: Race condition in the handling of asynchronous signals) ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact : An attacker could exploit this via certain crafted timing conditions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 21128
    published 2006-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21128
    title GLSA-200603-21 : Sendmail: Race condition in the handling of asynchronous signals
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2006-194.NASL
    description Fixes CVE-2006-0058 : A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21191
    published 2006-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21191
    title Fedora Core 4 : sendmail-8.13.6-0.FC4.1 (2006-194)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_110615.NASL
    description SunOS 5.8: sendmail patch. Date this patch was last updated by Sun : Jan/18/08
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 13350
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13350
    title Solaris 8 (sparc) : 110615-18
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_35484.NASL
    description s700_800 11.11 sendmail(1M) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability could be exploited remotely to gain unauthorized privileged access. References: CERT/CC CA-2003-25, CAN-2003-0681. (HPSBUX00281 SSRT3631) - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service (DoS). References: CERT CA-2003-12. (HPSBUX00253 SSRT3531) - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS). (HPSBUX02183 SSRT061243) - A potential security vulnerability has been identified with HP-UX running sendmail, where the vulnerability may be exploited remotely to gain unauthorized access and create a Denial of Service (DoS). References: CERT CA-2003-07, CAN-2002-1337. (HPSBUX00246 SSRT3469)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26134
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26134
    title HP-UX PHNE_35484 : s700_800 11.11 sendmail(1M) 8.9.3 patch
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2006-193.NASL
    description Fixes CVE-2006-0058 : A flaw in the handling of asynchronous signals. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21190
    published 2006-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21190
    title Fedora Core 5 : sendmail-8.13.6-0.FC5.1 (2006-193)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_110616.NASL
    description SunOS 5.8_x86: sendmail patch. Date this patch was last updated by Sun : Feb/04/08
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13454
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13454
    title Solaris 8 (x86) : 110616-18
oval via4
  • accepted 2013-04-29T04:11:17.848-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
    family unix
    id oval:org.mitre.oval:def:11074
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
    version 23
  • accepted 2013-04-22T04:00:13.977-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Vladimir Giszpenc
      organization DSCI Contractor
    • name Sudhir Gandhe
      organization Secure Elements, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4 for x86
      oval oval:org.mitre.oval:def:1734
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3 for x86
      oval oval:org.mitre.oval:def:5537
    description Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
    family unix
    id oval:org.mitre.oval:def:1689
    status accepted
    submitted 2006-03-27T09:51:00.000-04:00
    title Sendmail setjmp longjmp bo (Red Hat Internal)
    version 36
redhat via4
advisories
  • bugzilla
    id 184465
    title CVE-2006-0058 Sendmail race condition issue
    oval
    OR
    • AND
      comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • AND
      comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    rhsa
    id RHSA-2006:0264
    released 2006-03-22
    severity Critical
    title RHSA-2006:0264: sendmail security update (Critical)
  • rhsa
    id RHSA-2006:0265
refmap via4
aixapar
  • IY82992
  • IY82993
  • IY82994
bid 17192
bugtraq 20060322 sendmail vuln advisories (CVE-2006-0058)
cert TA06-081A
cert-vn VU#834865
ciac Q-151
confirm
debian DSA-1015
fedora
  • FEDORA-2006-193
  • FEDORA-2006-194
  • FLSA:186277
freebsd FreeBSD-SA-06:13
gentoo GLSA-200603-21
hp
  • HPSBTU02116
  • HPSBUX02108
  • SSRT061133
  • SSRT061135
iss 20060322 Sendmail Remote Signal Handling Vulnerability
mandriva MDKSA-2006:058
netbsd NetBSD-SA2006-010
openbsd [3.8] 006: SECURITY FIX: March 25, 2006
openpkg OpenPKG-SA-2006.007
osvdb 24037
sco SCOSA-2006.24
sectrack 1015801
secunia
  • 19342
  • 19345
  • 19346
  • 19349
  • 19356
  • 19360
  • 19361
  • 19363
  • 19367
  • 19368
  • 19394
  • 19404
  • 19407
  • 19450
  • 19466
  • 19532
  • 19533
  • 19676
  • 19774
  • 20243
  • 20723
sgi
  • 20060302-01-P
  • 20060401-01-U
slackware SSA:2006-081-01
sreason
sunalert
  • 102262
  • 102324
  • 200494
suse SUSE-SA:2006:017
vupen
  • ADV-2006-1049
  • ADV-2006-1051
  • ADV-2006-1068
  • ADV-2006-1072
  • ADV-2006-1139
  • ADV-2006-1157
  • ADV-2006-1529
  • ADV-2006-2189
  • ADV-2006-2490
xf smtp-timeout-bo(24584)
Last major update 07-03-2011 - 21:29
Published 22-03-2006 - 15:06
Last modified 19-10-2018 - 11:42