Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Published

2006-06-07T23:06:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sendmail	sendmail	≤ 8.13.6	Yes
Application	sendmail	sendmail	8.8.8	Yes
Application	sendmail	sendmail	8.9.0	Yes
Application	sendmail	sendmail	8.9.1	Yes
Application	sendmail	sendmail	8.9.2	Yes
Application	sendmail	sendmail	8.9.3	Yes
Application	sendmail	sendmail	8.10	Yes
Application	sendmail	sendmail	8.10.1	Yes
Application	sendmail	sendmail	8.10.2	Yes
Application	sendmail	sendmail	8.11.0	Yes
Application	sendmail	sendmail	8.11.1	Yes
Application	sendmail	sendmail	8.11.2	Yes
Application	sendmail	sendmail	8.11.3	Yes
Application	sendmail	sendmail	8.11.4	Yes
Application	sendmail	sendmail	8.11.5	Yes
Application	sendmail	sendmail	8.11.6	Yes
Application	sendmail	sendmail	8.11.7	Yes
Application	sendmail	sendmail	8.12	Yes
Application	sendmail	sendmail	8.12	Yes
Application	sendmail	sendmail	8.12	Yes
Application	sendmail	sendmail	8.12	Yes
Application	sendmail	sendmail	8.12	Yes
Application	sendmail	sendmail	8.12.0	Yes
Application	sendmail	sendmail	8.12.1	Yes
Application	sendmail	sendmail	8.12.2	Yes
Application	sendmail	sendmail	8.12.3	Yes
Application	sendmail	sendmail	8.12.4	Yes
Application	sendmail	sendmail	8.12.5	Yes
Application	sendmail	sendmail	8.12.6	Yes
Application	sendmail	sendmail	8.12.7	Yes
Application	sendmail	sendmail	8.12.8	Yes
Application	sendmail	sendmail	8.12.9	Yes
Application	sendmail	sendmail	8.12.10	Yes
Application	sendmail	sendmail	8.12.11	Yes
Application	sendmail	sendmail	8.13.0	Yes
Application	sendmail	sendmail	8.13.1	Yes
Application	sendmail	sendmail	8.13.1.2	Yes
Application	sendmail	sendmail	8.13.2	Yes
Application	sendmail	sendmail	8.13.3	Yes
Application	sendmail	sendmail	8.13.4	Yes
Application	sendmail	sendmail	8.13.5	Yes

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc ([email protected])
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 ([email protected])
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 ([email protected])
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html ([email protected])
http://secunia.com/advisories/15779 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20473 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/20641 Vendor Advisory ([email protected])
http://secunia.com/advisories/20650 Vendor Advisory ([email protected])
http://secunia.com/advisories/20651 Vendor Advisory ([email protected])
http://secunia.com/advisories/20654 Vendor Advisory ([email protected])
http://secunia.com/advisories/20673 Vendor Advisory ([email protected])
http://secunia.com/advisories/20675 Vendor Advisory ([email protected])
http://secunia.com/advisories/20679 Vendor Advisory ([email protected])
http://secunia.com/advisories/20683 Vendor Advisory ([email protected])
http://secunia.com/advisories/20684 Vendor Advisory ([email protected])
http://secunia.com/advisories/20694 Vendor Advisory ([email protected])
http://secunia.com/advisories/20726 Vendor Advisory ([email protected])
http://secunia.com/advisories/20782 Vendor Advisory ([email protected])
http://secunia.com/advisories/21042 Vendor Advisory ([email protected])
http://secunia.com/advisories/21160 Vendor Advisory ([email protected])
http://secunia.com/advisories/21327 Vendor Advisory ([email protected])
http://secunia.com/advisories/21612 Vendor Advisory ([email protected])
http://secunia.com/advisories/21647 Vendor Advisory ([email protected])
http://securitytracker.com/id?1016295 ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1 Patch, Vendor Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm ([email protected])
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only ([email protected])
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only ([email protected])
http://www.debian.org/security/2006/dsa-1155 ([email protected])
http://www.f-secure.com/security/fsc-2006-5.shtml ([email protected])
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml ([email protected])
http://www.kb.cert.org/vuls/id/146718 Third Party Advisory, US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104 ([email protected])
http://www.openbsd.org/errata38.html#sendmail2 ([email protected])
http://www.osvdb.org/26197 ([email protected])
http://www.redhat.com/support/errata/RHSA-2006-0515.html ([email protected])
http://www.securityfocus.com/archive/1/437928/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/438241/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/438330/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/440744/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/442939/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/442939/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/18433 Patch ([email protected])
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/2189 ([email protected])
http://www.vupen.com/english/advisories/2006/2351 ([email protected])
http://www.vupen.com/english/advisories/2006/2388 ([email protected])
http://www.vupen.com/english/advisories/2006/2389 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/2390 ([email protected])
http://www.vupen.com/english/advisories/2006/2798 ([email protected])
http://www.vupen.com/english/advisories/2006/3135 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128 ([email protected])
https://issues.rpath.com/browse/RPL-526 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253 ([email protected])
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc (af854a3a-2127-422b-91ae-364da2661108)
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 (af854a3a-2127-422b-91ae-364da2661108)
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/15779 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20473 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20641 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20650 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20651 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20654 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20673 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20675 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20679 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20683 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20684 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20694 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20726 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20782 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21042 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21160 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21327 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21612 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21647 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016295 (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only (af854a3a-2127-422b-91ae-364da2661108)
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1155 (af854a3a-2127-422b-91ae-364da2661108)
http://www.f-secure.com/security/fsc-2006-5.shtml (af854a3a-2127-422b-91ae-364da2661108)
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/146718 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata38.html#sendmail2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/26197 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2006-0515.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/437928/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438241/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438330/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/440744/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/442939/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/442939/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/18433 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2189 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2351 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2388 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2389 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2390 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2798 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3135 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-526 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253 (af854a3a-2127-422b-91ae-364da2661108)