SecurityLex.Org

Your search for "16171" returned:
SecureScout Testcase: 16171
Name: Sendmail Signal Handling Memory Corruption Vulnerability
CVE References: CVE-2006-0058 (cve.mitre.org, nvd.nist.gov)
SANS/FBI TOP20 Reference:
Risk: High
CVSS Base Score: 7.6 (ver. 2.0)
TC Impact: Gather Info
Service: smtp
Vuln Impact: Attack
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
Impact Bias:
Host Impact: Execution of arbitrary code.
Summary: A vulnerability has been reported in Sendmail, which can be exploited by malicious people to execute arbitrary code with the privileges of the sendmail server daemon.
Fix Type: Update the software.
Copyright: Mark Dowd, ISS X-Force
Published Date: March 23, 2006
Description: ISS X-Force has reported a vulnerability in Sendmail, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is due to a signal handling error when receiving and processing mail data from clients. This can be exploited to corrupt memory by sending specially crafted data at certain time intervals.

Successful exploitation allows execution of arbitrary code with the privileges of the sendmail server daemon.

The issue has been fixed in Sendmail version 8.13.6.
Remediation: ***** Solution type: Apply Patches *****

Update to sendmail version 8.13.6 or apply the appropriate patch:

Patch for version 8.13.5:
ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0

Patch for version 8.12.11:
ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0

See references for more details.
References:

* BUGTRAQ: 20060322 sendmail vuln advisories (CVE-2006-0058)
http://www.securityfocus.com/archive/1/428536/100/0/threaded
* ISS: 20060322 Sendmail Remote Signal Handling Vulnerability
http://xforce.iss.net/xforce/alerts/id/216
* CONFIRM:
http://www.sendmail.com/company/advisory/index.shtml
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
* CONFIRM:
http://www.f-secure.com/security/fsc-2006-2.shtml
* CONFIRM:
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
* CONFIRM:
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
* CONFIRM:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
* AIXAPAR: IY82992
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
* AIXAPAR: IY82993
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
* AIXAPAR: IY82994
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
* DEBIAN: DSA-1015
http://www.debian.org/security/2006/dsa-1015
* FEDORA: FLSA:186277
http://www.securityfocus.com/archive/1/archive/1/428656/100/0/threaded
* FEDORA: FEDORA-2006-193
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html
* FEDORA: FEDORA-2006-194
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html
* FREEBSD: FreeBSD-SA-06:13
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
* GENTOO: GLSA-200603-21
http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
* HP: HPSBUX02108
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
* HP: HPSBTU02116
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
* MANDRIVA: MDKSA-2006:058
http://www.mandriva.com/security/advisories?name=MDKSA-2006:058
* NETBSD: NetBSD-SA2006-010
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
* OPENBSD: [3.8] 006: SECURITY FIX: March 25, 2006
http://www.openbsd.org/errata38.html#sendmail
* OPENPKG: OpenPKG-SA-2006.007
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html
* REDHAT: RHSA-2006:0264
http://www.redhat.com/support/errata/RHSA-2006-0264.html
* REDHAT: RHSA-2006:0265
http://www.redhat.com/support/errata/RHSA-2006-0265.html
* SCO: SCOSA-2006.24
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
* SLACKWARE: SSA:2006-081-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600
* SUNALERT: 102262
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
* SUNALERT: 102324
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
* SUSE: SUSE-SA:2006:017
http://www.novell.com/linux/security/advisories/2006_17_sendmail.html
* CERT: TA06-081A
http://www.us-cert.gov/cas/techalerts/TA06-081A.html
* CERT-VN: VU#834865
http://www.kb.cert.org/vuls/id/834865
* CIAC: Q-151
http://www.ciac.org/ciac/bulletins/q-151.shtml
* BID: 17192
http://www.securityfocus.com/bid/17192
* FRSIRT: ADV-2006-1049
http://www.frsirt.com/english/advisories/2006/1049
* FRSIRT: ADV-2006-1051
http://www.frsirt.com/english/advisories/2006/1051
* FRSIRT: ADV-2006-1068
http://www.frsirt.com/english/advisories/2006/1068
* FRSIRT: ADV-2006-1072
http://www.frsirt.com/english/advisories/2006/1072
* FRSIRT: ADV-2006-1139
http://www.frsirt.com/english/advisories/2006/1139
* FRSIRT: ADV-2006-1157
http://www.frsirt.com/english/advisories/2006/1157
* FRSIRT: ADV-2006-1529
http://www.frsirt.com/english/advisories/2006/1529
* FRSIRT: ADV-2006-2189
http://www.frsirt.com/english/advisories/2006/2189
* FRSIRT: ADV-2006-2490
http://www.frsirt.com/english/advisories/2006/2490
* OSVDB: 24037
http://www.osvdb.org/24037
* OVAL: oval:org.mitre.oval:def:1689
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1689
* SECTRACK: 1015801
http://securitytracker.com/id?1015801
* SECUNIA: 19342
http://secunia.com/advisories/19342
* SECUNIA: 19363
http://secunia.com/advisories/19363
* SECUNIA: 19367
http://secunia.com/advisories/19367
* SECUNIA: 19368
http://secunia.com/advisories/19368
* SECUNIA: 19404
http://secunia.com/advisories/19404
* SECUNIA: 19407
http://secunia.com/advisories/19407
* SECUNIA: 19349
http://secunia.com/advisories/19349
* SECUNIA: 19360
http://secunia.com/advisories/19360
* SECUNIA: 19361
http://secunia.com/advisories/19361
* SECUNIA: 19394
http://secunia.com/advisories/19394
* SECUNIA: 19450
http://secunia.com/advisories/19450
* SECUNIA: 19466
http://secunia.com/advisories/19466
* SECUNIA: 19533
http://secunia.com/advisories/19533
* SECUNIA: 19532
http://secunia.com/advisories/19532
* SECUNIA: 19345
http://secunia.com/advisories/19345
* SECUNIA: 19346
http://secunia.com/advisories/19346
* SECUNIA: 19356
http://secunia.com/advisories/19356
* SECUNIA: 19676
http://secunia.com/advisories/19676
* SECUNIA: 19774
http://secunia.com/advisories/19774
* SECUNIA: 20243
http://secunia.com/advisories/20243
* SECUNIA: 20723
http://secunia.com/advisories/20723
* SREASON: 612
http://securityreason.com/securityalert/612
* SREASON: 743
http://securityreason.com/securityalert/743
* XF: smtp-timeout-bo(24584)
http://xforce.iss.net/xforce/xfdb/24584

Created: 2009-01-23 01:00:00
Last Changed: 2010-02-07 16:47:06
 