Lucene search
SuseSUSE-SA:2006:017HistoryMar 22, 2006 - 5:13 p.m.
remote code execution in sendmail
2006-03-2217:13:36
lists.opensuse.org
23
0.94 High
EPSS
Percentile
98.9%
The popular MTA sendmail is vulnerable to a race condition when handling signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely. Sendmail was the default MTA in SuSE Linux Enterprise Server 8. Later products use postfix as MTA. Thanks to Mark Dowd who found this bug.
Solution
There is no work-around known.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.3 | i586 | sendmail | <Â 8.13.3-5.3 | sendmail-8.13.3-5.3.i586.rpm |
| openSUSE | 9.1 | x86_64 | sendmail | <Â 8.12.11-2.2 | sendmail-8.12.11-2.2.x86_64.rpm |
| openSUSE | 9.2 | x86_64 | sendmail | <Â 8.13.1-5.3 | sendmail-8.13.1-5.3.x86_64.rpm |
| openSUSE | 9.1 | i586 | sendmail | <Â 8.12.11-2.2 | sendmail-8.12.11-2.2.i586.rpm |
| openSUSE | 9.3 | x86_64 | sendmail | <Â 8.13.3-5.3 | sendmail-8.13.3-5.3.x86_64.rpm |
| openSUSE | 9.2 | i586 | sendmail | <Â 8.13.1-5.3 | sendmail-8.13.1-5.3.i586.rpm |
| openSUSE | 10.0 | i586 | sendmail | <Â 8.13.4-8.3 | sendmail-8.13.4-8.3.i586.rpm |
| openSUSE | 10.0 | ppc | sendmail | <Â 8.13.4-8.3 | sendmail-8.13.4-8.3.ppc.rpm |
| openSUSE | 10.0 | x86_64 | sendmail | <Â 8.13.4-8.3 | sendmail-8.13.4-8.3.x86_64.rpm |
Related
nessus
nessus
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : sendmail (SSA:2006-081-01)
2006-03-23 00:00:00
Debian DSA-1015-1 : sendmail - programming error
2006-10-14 00:00:00
AIX 5.3 TL 4 / 5.3 TL 5 : bos.net.tcp.client (U805069)
2013-03-13 00:00:00
redhat
redhat
(RHSA-2006:0265) sendmail security update
2006-03-22 00:00:00
(RHSA-2006:0264) sendmail security update
2006-03-22 00:00:00
gentoo
gentoo
Sendmail: Race condition in the handling of asynchronous signals
2006-03-22 00:00:00
centos
centos
sendmail security update
2006-03-22 22:18:56
sendmail security update
2006-03-22 16:47:02
checkpoint_advisories
checkpoint_advisories
Sendmail SMTP Timeout Buffer Overflow (CVE-2006-0058)
2010-03-24 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability
2006-03-23 00:00:00
FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
2006-03-22 00:00:00
cve
cve
CVE-2006-0058
2006-03-22 20:06:00
openvas
openvas
SLES9: Security update for sendmail
2009-10-10 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-06:13.sendmail.asc)
2008-09-04 00:00:00
SLES9: Security update for sendmail
2009-10-10 00:00:00
freebsd
freebsd
sendmail -- race condition vulnerability
2006-03-22 00:00:00
osv
osv
sendmail - programming error
2006-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution
2006-03-23 00:00:00
[SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution
2006-03-23 09:29:21
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:13.sendmail
2006-03-22 00:00:00
cvelist
cvelist
CVE-2006-0058
2006-03-22 20:00:00
cert
cert
Sendmail signal I/O race condition
2006-03-22 00:00:00
slackware
slackware
[slackware-security] sendmail
2006-03-22 20:16:51
prion
prion
Race condition
2006-03-22 20:06:00
debiancve
debiancve
CVE-2006-0058
2006-03-22 20:06:00
ubuntucve
ubuntucve
CVE-2006-0058
2006-03-22 00:00:00