Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [ MDKSA-2006:104 ] - Updated sendmail packages fix remotely exploitable vulnerability

From: Vincent Danen <vdanen () linsec ca>
Date: Thu, 15 Jun 2006 10:28:21 -0600
* 3APA3A <3APA3A () SECURITY NNOV RU> [2006-06-15 12:14:13 +0400]:


Dear security () mandriva com,

smc>  References:
 
smc>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

Description  Unspecified  vulnerability  in HP Tru64 UNIX 4.0F PK8 up to
5.1B-3  and  HP  Internet  Express  for Tru64 UNIX 6.3 through 6.5, when
running  Sendmail,  might  allow  remote  attackers to cause a denial of
service or execute arbitrary code. NOTE: as of 20060607, due to the lack
of  details,  it  is  not  publicly  known  whether this issue is within
Sendmail itself, and/or if it is specific to HP.

smc>  http://www.cert.org/advisories/146718

Error 404.

www.sendmail.org

Recent News

    * Sendmail 8.13.7 is available (2006-06-14); it contains a fix for a potential denial of service problem caused 
by excessive recursion which leads to stack exhaustion when attempting delivery of a malformed MIME message.

    Does Somebody have details?


No, but if you find some, please share.  =)  The details received from
CERT were sketchy, and none of the other referenced docs had much more
info.  Looking at the patch, it looks like it's a mime-nesting issue,
but doesn't really indicate how deep the nesting has to be to trigger
the crash.

The CVE entry should probably be updated as the problem is definitely in
sendmail, and AFAIK it's just a regular DoS as sendmail will crash on a
message with deeply-nested mime messages.  I don't see anything in there
that makes me believe there could be the execution of arbitrary code
(but I could be wrong on that point).

-- 
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
:: Annvix - Secure Linux Server: http://annvix.org/ ::

Attachment: _bin
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: