Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-4434

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Published

2006-08-29T00:04:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sendmail	sendmail	< 8.13.8	Yes

References

http://secunia.com/advisories/21637 Broken Link, Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/21641 Broken Link, Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/21696 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/21700 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/21749 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/22369 Broken Link, Vendor Advisory ([email protected])
http://securitytracker.com/id?1016753 Broken Link, Patch, Third Party Advisory, VDB Entry ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1 Broken Link ([email protected])
http://www.attrition.org/pipermail/vim/2006-August/000999.html Mailing List ([email protected])
http://www.debian.org/security/2006/dsa-1164 Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156 Broken Link ([email protected])
http://www.novell.com/linux/security/advisories/2006_21_sr.html Broken Link ([email protected])
http://www.openbsd.org/errata.html#sendmail3 Release Notes ([email protected])
http://www.openbsd.org/errata38.html#sendmail3 Third Party Advisory ([email protected])
http://www.osvdb.org/28193 Broken Link ([email protected])
http://www.securityfocus.com/bid/19714 Broken Link, Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.sendmail.org/releases/8.13.8.html Release Notes ([email protected])
http://www.vupen.com/english/advisories/2006/3393 Broken Link, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/3994 Broken Link, Vendor Advisory ([email protected])
http://secunia.com/advisories/21637 Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21641 Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21696 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21700 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/21749 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/22369 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1016753 Broken Link, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.attrition.org/pipermail/vim/2006-August/000999.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1164 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_21_sr.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata.html#sendmail3 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata38.html#sendmail3 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/28193 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/19714 Broken Link, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.sendmail.org/releases/8.13.8.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3393 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/3994 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)