CVE-2006-4434

2006-08-2900:00:00

ubuntu.com

0.274 Low

EPSS

Percentile

96.8%

JSON

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote
attackers to cause a denial of service (crash) via a long “header line”,
which causes a previously freed variable to be referenced. NOTE: the
original developer has disputed the severity of this issue, saying “The
only denial of service that is possible here is to fill up the disk with
core dumps if the OS actually generates different core dumps (which is
unlikely)… the bug is in the shutdown code (finis()) which leads directly
to exit(3), i.e., the process would terminate anyway, no mail delivery or
receiption is affected.”

OSVersionArchitecturePackageVersionFilename
ubuntu6.10noarchsendmail< 8.13.8-1UNKNOWN
ubuntu7.04noarchsendmail< 8.13.8-1UNKNOWN
ubuntu7.10noarchsendmail< 8.13.8-1UNKNOWN
ubuntu8.04noarchsendmail< 8.13.8-1UNKNOWN
ubuntu8.10noarchsendmail< 8.13.8-1UNKNOWN
ubuntu9.04noarchsendmail< 8.13.8-1UNKNOWN
ubuntu9.10noarchsendmail< 8.13.8-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.10	noarch	sendmail	< 8.13.8-1	UNKNOWN
ubuntu	7.04	noarch	sendmail	< 8.13.8-1	UNKNOWN
ubuntu	7.10	noarch	sendmail	< 8.13.8-1	UNKNOWN
ubuntu	8.04	noarch	sendmail	< 8.13.8-1	UNKNOWN
ubuntu	8.10	noarch	sendmail	< 8.13.8-1	UNKNOWN
ubuntu	9.04	noarch	sendmail	< 8.13.8-1	UNKNOWN
ubuntu	9.10	noarch	sendmail	< 8.13.8-1	UNKNOWN