Lucene search

[email protected]CVE-2006-0058

HistoryMar 22, 2006 - 8:06 p.m.

CVE-2006-0058

2006-03-2220:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

144

cve-2006-0058

sendmail

signal handler

race condition

remote code execution

vulnerability

7.1 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.94 High

EPSS

Percentile

99.1%

JSON

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

CPENameOperatorVersion
sendmail:sendmailsendmaileq8.13.4
sendmail:sendmailsendmaileq8.13.1
sendmail:sendmailsendmaileq8.13.5
sendmail:sendmailsendmaileq8.13.0
sendmail:sendmailsendmaileq8.13.3
sendmail:sendmailsendmaileq8.13.2

CPE	Name	Operator	Version
sendmail:sendmail	sendmail	eq	8.13.4
sendmail:sendmail	sendmail	eq	8.13.1
sendmail:sendmail	sendmail	eq	8.13.5
sendmail:sendmail	sendmail	eq	8.13.0
sendmail:sendmail	sendmail	eq	8.13.3
sendmail:sendmail	sendmail	eq	8.13.2

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt

ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P

ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555

itrc.hp.com/service/cki/docDisplay.do?docId=c00692635

secunia.com/advisories/19342

secunia.com/advisories/19345

secunia.com/advisories/19346

secunia.com/advisories/19349

secunia.com/advisories/19356

secunia.com/advisories/19360

secunia.com/advisories/19361

secunia.com/advisories/19363

secunia.com/advisories/19367

secunia.com/advisories/19368

secunia.com/advisories/19394

secunia.com/advisories/19404

secunia.com/advisories/19407

secunia.com/advisories/19450

secunia.com/advisories/19466

secunia.com/advisories/19532

secunia.com/advisories/19533

secunia.com/advisories/19676

secunia.com/advisories/19774

secunia.com/advisories/20243

secunia.com/advisories/20723

securityreason.com/securityalert/612

securityreason.com/securityalert/743

securitytracker.com/id?1015801

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600

sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1

support.avaya.com/elmodocs2/security/ASA-2006-074.htm

support.avaya.com/elmodocs2/security/ASA-2006-078.htm

www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only

www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only

www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only

www.ciac.org/ciac/bulletins/q-151.shtml

www.debian.org/security/2006/dsa-1015

www.f-secure.com/security/fsc-2006-2.shtml

www.gentoo.org/security/en/glsa/glsa-200603-21.xml

www.iss.net/threats/216.html

www.kb.cert.org/vuls/id/834865

www.mandriva.com/security/advisories?name=MDKSA-2006:058

www.novell.com/linux/security/advisories/2006_17_sendmail.html

www.openbsd.org/errata38.html#sendmail

www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html

www.osvdb.org/24037

www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html

www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html

www.redhat.com/support/errata/RHSA-2006-0264.html

www.redhat.com/support/errata/RHSA-2006-0265.html

www.securityfocus.com/archive/1/428536/100/0/threaded

www.securityfocus.com/archive/1/428656/100/0/threaded

www.securityfocus.com/bid/17192

www.sendmail.com/company/advisory/index.shtml

www.us-cert.gov/cas/techalerts/TA06-081A.html

www.vupen.com/english/advisories/2006/1049

www.vupen.com/english/advisories/2006/1051

www.vupen.com/english/advisories/2006/1068

www.vupen.com/english/advisories/2006/1072

www.vupen.com/english/advisories/2006/1139

www.vupen.com/english/advisories/2006/1157

www.vupen.com/english/advisories/2006/1529

www.vupen.com/english/advisories/2006/2189

www.vupen.com/english/advisories/2006/2490

www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688

www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751

exchange.xforce.ibmcloud.com/vulnerabilities/24584

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689

7.1 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.94 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2006-0058

nessus22 redhat2 gentoo1 centos2 checkpoint_advisories1 freebsd1 openvas14 securityvulns2 debian2 slackware1 cert1 freebsd_advisory1 ubuntucve1 debiancve1 prion1 osv1 suse1