| Dragonsoft Vuln ID: 2450 | Name: Sendmail Asynchronous Signals Handle Vulnerability |
| CVE References: CVE-2006-0058 (cve.mitre.org, nvd.nist.gov) |
| SANS/FBI TOP20 Reference: |
| Group/Family: Mail Servers |
| Risk: High |
| TC Impact: n/a | Service: n/a | Vuln Impact: Gain System Privileges |
| Access Vector: Remote | Access Complexity: | Authentication: |
Description: Sendmail 8.13.x before 8.13.6 are contains a race condition vulnerability. Caused by the "setjmp()", "longjmp()" and "sm_syslog()" functions that do not properly handle certain asynchronous signals, A remote unauthenticated attackers could sending specially crafted requests at certain time intervals to the SMTP port. Which could be exploited by remote attackers or network worms to take complete control of an affected system.
Affect OS: UNIX |
| Remediation:
Upgrade to version 8.13.6, or the current version of Sendmail. |
| Created: 2007-03-06 18:25:38 | Last Changed: 2007-04-27 11:42:03 |