ID CVE-2006-1173
Summary Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
References
Vulnerable Configurations
  • Sendmail Sendmail 8.8.8
    cpe:2.3:a:sendmail:sendmail:8.8.8
  • Sendmail Sendmail 8.9.0
    cpe:2.3:a:sendmail:sendmail:8.9.0
  • Sendmail Sendmail 8.9.1
    cpe:2.3:a:sendmail:sendmail:8.9.1
  • Sendmail Sendmail 8.9.2
    cpe:2.3:a:sendmail:sendmail:8.9.2
  • Sendmail Sendmail 8.9.3
    cpe:2.3:a:sendmail:sendmail:8.9.3
  • Sendmail Sendmail 8.10
    cpe:2.3:a:sendmail:sendmail:8.10
  • Sendmail Sendmail 8.10.1
    cpe:2.3:a:sendmail:sendmail:8.10.1
  • Sendmail Sendmail 8.10.2
    cpe:2.3:a:sendmail:sendmail:8.10.2
  • Sendmail Sendmail 8.11
    cpe:2.3:a:sendmail:sendmail:8.11.0
  • Sendmail Sendmail 8.11.1
    cpe:2.3:a:sendmail:sendmail:8.11.1
  • Sendmail Sendmail 8.11.2
    cpe:2.3:a:sendmail:sendmail:8.11.2
  • Sendmail Sendmail 8.11.3
    cpe:2.3:a:sendmail:sendmail:8.11.3
  • Sendmail Sendmail 8.11.4
    cpe:2.3:a:sendmail:sendmail:8.11.4
  • Sendmail Sendmail 8.11.5
    cpe:2.3:a:sendmail:sendmail:8.11.5
  • Sendmail Sendmail 8.11.6
    cpe:2.3:a:sendmail:sendmail:8.11.6
  • Sendmail Sendmail 8.11.7
    cpe:2.3:a:sendmail:sendmail:8.11.7
  • Sendmail Sendmail 8.12 Beta10
    cpe:2.3:a:sendmail:sendmail:8.12:beta10
  • Sendmail Sendmail 8.12 Beta12
    cpe:2.3:a:sendmail:sendmail:8.12:beta12
  • Sendmail Sendmail 8.12 Beta16
    cpe:2.3:a:sendmail:sendmail:8.12:beta16
  • Sendmail Sendmail 8.12 Beta5
    cpe:2.3:a:sendmail:sendmail:8.12:beta5
  • Sendmail Sendmail 8.12 beta7
    cpe:2.3:a:sendmail:sendmail:8.12:beta7
  • Sendmail Sendmail 8.12.0
    cpe:2.3:a:sendmail:sendmail:8.12.0
  • Sendmail Sendmail 8.12.1
    cpe:2.3:a:sendmail:sendmail:8.12.1
  • Sendmail Sendmail 8.12.2
    cpe:2.3:a:sendmail:sendmail:8.12.2
  • Sendmail Sendmail 8.12.3
    cpe:2.3:a:sendmail:sendmail:8.12.3
  • Sendmail Sendmail 8.12.4
    cpe:2.3:a:sendmail:sendmail:8.12.4
  • Sendmail Sendmail 8.12.5
    cpe:2.3:a:sendmail:sendmail:8.12.5
  • Sendmail Sendmail 8.12.6
    cpe:2.3:a:sendmail:sendmail:8.12.6
  • Sendmail Sendmail 8.12.7
    cpe:2.3:a:sendmail:sendmail:8.12.7
  • Sendmail Sendmail 8.12.8
    cpe:2.3:a:sendmail:sendmail:8.12.8
  • Sendmail Sendmail 8.12.9
    cpe:2.3:a:sendmail:sendmail:8.12.9
  • Sendmail Sendmail 8.12.10
    cpe:2.3:a:sendmail:sendmail:8.12.10
  • Sendmail Sendmail 8.12.11
    cpe:2.3:a:sendmail:sendmail:8.12.11
  • Sendmail Sendmail 8.13.0
    cpe:2.3:a:sendmail:sendmail:8.13.0
  • Sendmail Sendmail 8.13.1
    cpe:2.3:a:sendmail:sendmail:8.13.1
  • Sendmail Sendmail 8.13.1.2
    cpe:2.3:a:sendmail:sendmail:8.13.1.2
  • Sendmail Sendmail 8.13.2
    cpe:2.3:a:sendmail:sendmail:8.13.2
  • Sendmail Sendmail 8.13.3
    cpe:2.3:a:sendmail:sendmail:8.13.3
  • Sendmail Sendmail 8.13.4
    cpe:2.3:a:sendmail:sendmail:8.13.4
  • Sendmail Sendmail 8.13.5
    cpe:2.3:a:sendmail:sendmail:8.13.5
  • Sendmail Sendmail 8.13.6
    cpe:2.3:a:sendmail:sendmail:8.13.6
CVSS
Base: 5.0 (as of 08-06-2006 - 10:06)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_122856.NASL
    description SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : Oct/17/06
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 21260
    published 2006-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21260
    title Solaris 10 (sparc) : 122856-03
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_34927.NASL
    description s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A vulnerability has been identified in sendmail which may allow a remote attacker to execute arbitrary code. References: CVE-2006-0058, US-CERT VU#834865. (HPSBUX02108 SSRT061133) - A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS). (HPSBUX02124 SSRT061159)
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22175
    published 2006-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22175
    title HP-UX PHNE_34927 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-104.NASL
    description A vulnerability in the way Sendmail handles multi-part MIME messages was discovered that could allow a remote attacker to create a carefully crafted message that could crash the sendmail process during delivery. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21719
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21719
    title Mandrake Linux Security Advisory : sendmail (MDKSA-2006:104)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0515.NASL
    description Updated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21721
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21721
    title RHEL 2.1 / 3 / 4 : sendmail (RHSA-2006:0515)
  • NASL family AIX Local Security Checks
    NASL id AIX_U807468.NASL
    description The remote host is missing AIX PTF U807468, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 28637
    published 2007-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28637
    title AIX 5.3 TL 4 / 5.3 TL 5 : bos.net.tcp.client (U807468)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_34900.NASL
    description s700_800 11.00 sendmail(1m) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22174
    published 2006-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22174
    title HP-UX PHNE_34900 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
  • NASL family AIX Local Security Checks
    NASL id AIX_U477911.NASL
    description The remote host is missing AIX PTF U477911, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65261
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65261
    title AIX 5.2 TL 9 / 5.2 TL 8 : bos.net.tcp.client (U477911)
  • NASL family AIX Local Security Checks
    NASL id AIX_U497412.NASL
    description The remote host is missing AIX PTF U497412, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 65264
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65264
    title AIX 5.3 TL 5 / 5.3 TL 4 : bos.net.tcp.client (U497412)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_34689.NASL
    description s700_800 11.23 sendmail(1m) 8.11.1 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22173
    published 2006-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22173
    title HP-UX PHNE_34689 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114137.NASL
    description SunOS 5.9_x86: sendmail Patch. Date this patch was last updated by Sun : Mar/04/08
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13592
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13592
    title Solaris 9 (x86) : 114137-10
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0515.NASL
    description Updated sendmail packages are now available to fix a denial of service security issue. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 27 June 2006] The sendmail-docs packages for Red Hat Enterprise Linux 3 have been updated to the correct version and release. Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue. Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21903
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21903
    title CentOS 3 / 4 : sendmail (CESA-2006:0515)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113575.NASL
    description SunOS 5.9: sendmail patch. Date this patch was last updated by Sun : Feb/05/08
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13541
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13541
    title Solaris 9 (sparc) : 113575-11
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_34936.NASL
    description s700_800 11.11 sendmail(1M) 8.9.3 patch : A potential security vulnerability has been identified with HP-UX running Sendmail processing malformed multipart MIME messages. This vulnerability could potentially allow a remote unauthenticated user to cause a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22176
    published 2006-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22176
    title HP-UX PHNE_34936 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
  • NASL family AIX Local Security Checks
    NASL id AIX_U806039.NASL
    description The remote host is missing AIX PTF U806039, which is related to the security of the package bos.net.tcp.client.
    last seen 2019-02-21
    modified 2013-03-14
    plugin id 28597
    published 2007-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28597
    title AIX 5.2 TL 8 : bos.net.tcp.client (U806039)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1155.NASL
    description It turned out that the sendmail binary depends on libsasl2 (>= 2.1.19.dfsg1) which is neither available in the stable nor in the security archive. This version is scheduled for the inclusion in the next update of the stable release, though. You'll have to download the referenced file for your architecture from below and install it with dpkg -i. As an alternative, temporarily adding the following line to /etc/apt/sources.list will mitigate the problem as well : deb http://ftp.debian.de/debian stable-proposed-updates main Here is the original security advisory for completeness : Frank Sheiness discovered that a MIME conversion routine in sendmail, a powerful, efficient, and scalable mail transport agent, could be tricked by a specially crafted mail to perform an endless recursion.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22697
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22697
    title Debian DSA-1155-2 : sendmail - programming error
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-19 (Sendmail: Denial of Service) Frank Sheiness discovered that the mime8to7() function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact : By sending specially crafted multipart MIME messages, a remote attacker can cause a subprocess forked by Sendmail to crash. If Sendmail is not set to use a randomized queue processing, the attack will effectively halt the delivery of queued mails as well as the malformed one, incoming mail delivered interactively is not affected. Additionally, on systems where core dumps with an individual naming scheme (like 'core.pid') are enabled, a filesystem may fill up with core dumps. Core dumps are disabled by default in Gentoo. Workaround : The Sendmail 8.13.7 release information offers some workarounds, please see the Reference below. Note that the issue has actually been fixed in the 8.13.6-r1 ebuild.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 21712
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21712
    title GLSA-200606-19 : Sendmail: Denial of Service
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-166-01.NASL
    description New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue. Sendmail's complete advisory may be found here: http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc Sendmail has also provided an FAQ about this issue: http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 21699
    published 2006-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21699
    title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : sendmail (SSA:2006-166-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_122857.NASL
    description SunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : Oct/10/06
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 21263
    published 2006-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21263
    title Solaris 10 (x86) : 122857-04
oval via4
accepted 2013-04-29T04:12:41.573-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
family unix
id oval:org.mitre.oval:def:11253
status accepted
submitted 2010-07-09T03:56:16-04:00
title Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
version 23
redhat via4
advisories
bugzilla
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0515
released 2006-06-14
severity Important
title RHSA-2006:0515: sendmail security update (Important)
refmap via4
aixapar
  • IY85415
  • IY85930
bid 18433
bugtraq
  • 20060620 Sendmail MIME DoS vulnerability
  • 20060621 Re: Sendmail MIME DoS vulnerability
  • 20060624 Re: Sendmail MIME DoS vulnerability
  • 20060721 rPSA-2006-0134-1 sendmail sendmail-cf
cert-vn VU#146718
confirm
debian DSA-1155
freebsd FreeBSD-SA-06:17.sendmail
gentoo GLSA-200606-19
hp
  • HPSBTU02116
  • HPSBUX02124
  • SSRT061135
  • SSRT061159
mandriva MDKSA-2006:104
openbsd [3.8] 008: SECURITY FIX: June 15, 2006
osvdb 26197
sectrack 1016295
secunia
  • 15779
  • 20473
  • 20641
  • 20650
  • 20651
  • 20654
  • 20673
  • 20675
  • 20679
  • 20683
  • 20684
  • 20694
  • 20726
  • 20782
  • 21042
  • 21160
  • 21327
  • 21612
  • 21647
sgi
  • 20060601-01-P
  • 20060602-01-U
slackware SSA:2006-166-01
sunalert 102460
suse SUSE-SA:2006:032
vupen
  • ADV-2006-2189
  • ADV-2006-2351
  • ADV-2006-2388
  • ADV-2006-2389
  • ADV-2006-2390
  • ADV-2006-2798
  • ADV-2006-3135
xf sendmail-multipart-mime-dos(27128)
Last major update 13-05-2011 - 00:00
Published 07-06-2006 - 19:06
Last modified 18-10-2018 - 12:31
Back to Top