Full Disclosure mailing list archives
Re: [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability
From: Vincent Danen <vdanen () linsec ca>
Date: Thu, 15 Jun 2006 10:28:21 -0600
* 3APA3A <3APA3A () SECURITY NNOV RU> [2006-06-15 12:14:13 +0400]:
Dear security () mandriva com, smc> References: smc> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 Description Unspecified vulnerability in HP Tru64 UNIX 4.0F PK8 up to 5.1B-3 and HP Internet Express for Tru64 UNIX 6.3 through 6.5, when running Sendmail, might allow remote attackers to cause a denial of service or execute arbitrary code. NOTE: as of 20060607, due to the lack of details, it is not publicly known whether this issue is within Sendmail itself, and/or if it is specific to HP. smc> http://www.cert.org/advisories/146718 Error 404. www.sendmail.org Recent News * Sendmail 8.13.7 is available (2006-06-14); it contains a fix for a potential denial of service problem caused by excessive recursion which leads to stack exhaustion when attempting delivery of a malformed MIME message. Does Somebody have details?
No, but if you find some, please share. =) The details received from CERT were sketchy, and none of the other referenced docs had much more info. Looking at the patch, it looks like it's a mime-nesting issue, but doesn't really indicate how deep the nesting has to be to trigger the crash. The CVE entry should probably be updated as the problem is definitely in sendmail, and AFAIK it's just a regular DoS as sendmail will crash on a message with deeply-nested mime messages. I don't see anything in there that makes me believe there could be the execution of arbitrary code (but I could be wrong on that point). -- {FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4} mysql> SELECT * FROM users WHERE clue > 0; Empty set (0.00sec) :: Annvix - Secure Linux Server: http://annvix.org/ ::
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability security (Jun 14)
- Re: [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability 3APA3A (Jun 15)
- Re: [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability Vincent Danen (Jun 15)
- Re: [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability 3APA3A (Jun 15)