Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-1155-1:F8EB0
HistoryAug 24, 2006 - 12:00 a.m.

[SECURITY] [DSA 1155-1] New sendmail packages fix denial of service

2006-08-2400:00:00
lists.debian.org
14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.349 Low

EPSS

Percentile

97.1%

JSON

Debian Security Advisory DSA 1155-1 [email protected]
http://www.debian.org/security/ Martin Schulze
August 24th, 2006 http://www.debian.org/security/faq

Package : sendmail
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-1173
CERT advisory : VU#146718
BugTraq ID : 18433
Debian Bug : 373801 380258

Frank Sheiness discovered that a MIME conversion routine in sendmail,
a powerful, efficient, and scalable mail transport agent, could be
tricked by a specially crafted mail to perform an endless recursion.

For the stable distribution (sarge) this problem has been fixed in
version 8.13.4-3sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 8.13.7-1.

We recommend that you upgrade your sendmail package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.dsc
  Size/MD5 checksum:      910 960ea60c4191d0dffc223bc87bdc8b60
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.diff.gz
  Size/MD5 checksum:   384830 5746beee4bf07d3ed740f4835bc7fa36
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
  Size/MD5 checksum:  1968047 d80dc659df96c63d227ed80c0c71b708

Architecture independent components:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge2_all.deb
  Size/MD5 checksum:   342338 33201cb38ffe42ee9f13e7cfd534cd77
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge2_all.deb
  Size/MD5 checksum:   280724 fc323a1ae0ba4207bf485d0950838126
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge2_all.deb
  Size/MD5 checksum:   815978 b96cb196d23aa2f66dba83a3f4220fe6
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2_all.deb
  Size/MD5 checksum:   193664 014094391c524db1f1eae96f6c7bae22

Alpha architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_alpha.deb
  Size/MD5 checksum:   319036 3f4eb80c71a8bc63b7dc74af4d330e39
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_alpha.deb
  Size/MD5 checksum:   215600 5f2a9cbb0a24465ed648926037038edd
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_alpha.deb
  Size/MD5 checksum:   228830 e8d15c3f6d26ca8d908e42b07bc7042f
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_alpha.deb
  Size/MD5 checksum:   953944 46d247fc609bbb701634f51173d04a33
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_alpha.deb
  Size/MD5 checksum:   198126 f8cce9c9d0f6b8a393e70f37b4078769

AMD64 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_amd64.deb
  Size/MD5 checksum:   296580 dbb1c9930fdd39d78f00165ab3bd4103
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_amd64.deb
  Size/MD5 checksum:   213218 5bf6afa8b44b7a85a639809c82294635
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_amd64.deb
  Size/MD5 checksum:   225286 f0eb29825d98fae3ae47aca60cc25d59
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_amd64.deb
  Size/MD5 checksum:   851166 2ab733eb6108e0cb75f461ee855f602a
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_amd64.deb
  Size/MD5 checksum:   197680 edb148b36ded61b6bd0615d120508605

ARM architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_arm.deb
  Size/MD5 checksum:   291930 5e7634c0a8733b0bce07d65e73a4ef16
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_arm.deb
  Size/MD5 checksum:   211570 6b4962041621b2dda3d2201f7107a8d3
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_arm.deb
  Size/MD5 checksum:   223674 f10af1dde65c5055fdec8cb31e089264
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_arm.deb
  Size/MD5 checksum:   829316 da778ae1e36441fc81219ba1c9424e94
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_arm.deb
  Size/MD5 checksum:   197238 e35b5bc8eb4f209b556ffae5f5b182ca

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_i386.deb
  Size/MD5 checksum:   287210 b0906f03f7965d82207c9510cafb6bca
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_i386.deb
  Size/MD5 checksum:   211614 1b239843c9a627900d62208144c4425c
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_i386.deb
  Size/MD5 checksum:   222384 101b1290a634f1f3b0fbe385fa3f00ea
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_i386.deb
  Size/MD5 checksum:   812502 f4533171ad66b3d3bb5e3457b8f072eb
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_i386.deb
  Size/MD5 checksum:   197280 bb50d3704bcd94d8fc391dd2b6bf4a89

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_ia64.deb
  Size/MD5 checksum:   330728 ce5076cdb2b4d6841697f8441b903c4b
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_ia64.deb
  Size/MD5 checksum:   220454 1bf7b131f12c5efedf329a8c606a6905
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_ia64.deb
  Size/MD5 checksum:   239680 702d539a34fd1b1316fedda55b7e5ae1
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_ia64.deb
  Size/MD5 checksum:  1162596 3f9c5fd6e4e58d09c488d1e18e5e8199
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_ia64.deb
  Size/MD5 checksum:   198966 82381861fc653cc8bcc0bdd11b6c982e

HP Precision architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_hppa.deb
  Size/MD5 checksum:   301512 c527f00a3851404869c148a30de682e0
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_hppa.deb
  Size/MD5 checksum:   215652 e9019f514e994d2b2582250d06f65ea0
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_hppa.deb
  Size/MD5 checksum:   229404 030689791d9ab55108b00d22147cde0a
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_hppa.deb
  Size/MD5 checksum:   919820 3309c8104d8eaa73abdcf90d1802204e
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_hppa.deb
  Size/MD5 checksum:   198126 49d18720f3e53fe2f1d8e092e98cf105

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_m68k.deb
  Size/MD5 checksum:   272812 11e4cc568a7889458d932db6d4ac61b6
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_m68k.deb
  Size/MD5 checksum:   210862 d51962d3877927d9e222d9ef941885bb
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_m68k.deb
  Size/MD5 checksum:   218874 fa8b57e8b977426f6a6acb8a7c6a7c22
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_m68k.deb
  Size/MD5 checksum:   728524 3c3a0ed89e720c9b5b676238fd4906cb
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_m68k.deb
  Size/MD5 checksum:   197172 6da127ab094398d33fdce92e4cdb0877

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_mips.deb
  Size/MD5 checksum:   293164 1da7ab05880c74c77e1cfe49d1c6b186
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mips.deb
  Size/MD5 checksum:   212044 ea8f0785e2e23695b5a8ce9a6db0b241
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_mips.deb
  Size/MD5 checksum:   227376 38b9b47ea73e44456eb0ef18b5575f8c
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_mips.deb
  Size/MD5 checksum:   883436 4880521485f9c36548703ca007286f7e
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_mips.deb
  Size/MD5 checksum:   198136 5d31a8e053390f018f549fcdcff7c8cf

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_mipsel.deb
  Size/MD5 checksum:   293964 07b24d641a5badff3feebb780f62d335
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mipsel.deb
  Size/MD5 checksum:   212342 e3e0903028c33b5f74e5f51d65513069
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_mipsel.deb
  Size/MD5 checksum:   227662 224ac71024df656f978bf77c02179a5e
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_mipsel.deb
  Size/MD5 checksum:   887092 c8226b40bacb22ea6141657fd7ac5566
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_mipsel.deb
  Size/MD5 checksum:   198308 9007cddf32c14fb0d26206a80be71953

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_powerpc.deb
  Size/MD5 checksum:   296008 826ce4a9a5269b1be8867f3f119ff58b
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_powerpc.deb
  Size/MD5 checksum:   216294 078a2c789c479c1382b9b639a0738b88
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_powerpc.deb
  Size/MD5 checksum:   228474 2b02f60ae2c6dfa8de9f5e5c62bf3d59
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_powerpc.deb
  Size/MD5 checksum:   867134 32296265a4e142ac4ec55a50b28bc050
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_powerpc.deb
  Size/MD5 checksum:   199352 7abc4f13f6351f1d93e548e2ecfd215e

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_s390.deb
  Size/MD5 checksum:   295158 5b5e75a74f2ff91c4a301057e22c26fb
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_s390.deb
  Size/MD5 checksum:   213298 fff5231f97b037d64e6fad5b200f558e
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_s390.deb
  Size/MD5 checksum:   228670 f3aaf184734fdfdd7cb1aecac78f4827
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_s390.deb
  Size/MD5 checksum:   875180 ba43126125f6da96878fc89fd971765c
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_s390.deb
  Size/MD5 checksum:   197662 b59525ac3fc1d4ab781646c50c35217e

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_sparc.deb
  Size/MD5 checksum:   285396 bdfb343b56374589948a271ca0a83acd
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_sparc.deb
  Size/MD5 checksum:   211612 776d54b96a9a5dbc465d97492025a050
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_sparc.deb
  Size/MD5 checksum:   222882 fc69af2a76b50b938d9aacf8f978c025
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_sparc.deb
  Size/MD5 checksum:   819474 cdafeb8dadc08275dd9cb2db5397b6f8
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_sparc.deb
  Size/MD5 checksum:   197400 11d3a7c2a52c824eb4002c5954d1c81a

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

Related

nessus 21
prion 9
openvas 10
debian 1
centos 2
gentoo 1
slackware 1
cert 1
redhat 1
ubuntucve 2
cve 9
freebsd_advisory 1
securityvulns 1
cvelist 9
debiancve 1
freebsd 1
suse 1
nessus
nessus
HP-UX PHNE_34900 : HP-UX Sendmail MIME Remote Denial of Service (DoS) (HPSBUX02124 SSRT061159 rev.2)
2006-08-08 00:00:00
Mandrake Linux Security Advisory : sendmail (MDKSA-2006:104)
2006-06-16 00:00:00
CentOS 3 / 4 : sendmail (CESA-2006:0515)
2006-07-03 00:00:00
prion
prion
Stack overflow
2006-06-07 23:06:00
Design/Logic Flaw
2008-12-11 15:30:00
Design/Logic Flaw
2008-12-11 15:30:00
openvas
openvas
Slackware Advisory SSA:2006-166-01 sendmail
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200606-19 (sendmail)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200606-19 (sendmail)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 1155-2] New sendmail packages fix denial of service
2006-08-24 00:00:00
centos
centos
sendmail security update
2006-06-14 21:17:41
sendmail security update
2006-06-18 23:46:01
gentoo
gentoo
Sendmail: Denial of service
2006-06-15 00:00:00
slackware
slackware
[slackware-security] sendmail
2006-06-15 08:39:54
cert
cert
Sendmail fails to handle malformed multipart MIME messages
2006-06-14 00:00:00
redhat
redhat
(RHSA-2006:0515) sendmail security update
2006-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2006-1173
2006-06-07 00:00:00
CVE-2008-5430
2008-12-13 00:00:00
cve
cve
CVE-2006-1173
2006-06-07 23:06:00
CVE-2008-5429
2008-12-11 15:30:00
CVE-2008-5425
2008-12-11 15:30:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:17.sendmail
2006-06-14 00:00:00
securityvulns
securityvulns
DoS attacks on MIME-capable software via complex MIME emails
2008-12-09 00:00:00
cvelist
cvelist
CVE-2006-1173
2006-06-07 23:00:00
CVE-2008-5425
2008-12-11 15:00:00
CVE-2008-5426
2008-12-11 15:00:00
debiancve
debiancve
CVE-2006-1173
2006-06-07 23:06:00
freebsd
freebsd
sendmail -- Incorrect multipart message handling
2006-06-14 00:00:00
suse
suse
remote denial of service in sendmail
2006-06-14 19:08:15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.349 Low

EPSS

Percentile

97.1%

JSON
Related for DEBIAN:DSA-1155-1:F8EB0
nessus21prion9openvas10debian1centos2gentoo1slackware1cert1redhat1ubuntucve2cve9freebsd_advisory1securityvulns1cvelist9debiancve1freebsd1suse1