CVE-2001-1349 - Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of ser

CVE-2001-1349

Summary

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

References

Vulnerable Configurations

cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*

CVSS

Base:	3.7 (as of 05-09-2008 - 20:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:H/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2001:106

refmap via4

bid	2794
bindview	20010528 Unsafe Signal Handling in Sendmail
bugtraq	20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
confirm	http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
xf	sendmail-signal-handling(6633)

Last major update

05-09-2008 - 20:26

Published

28-05-2001 - 04:00

Last modified

05-09-2008 - 20:26