CVE - CVE-2006-0058

CVE-ID
CVE-2006-0058	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IY82992 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only AIXAPAR:IY82993 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only AIXAPAR:IY82994 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only BID:17192 URL:http://www.securityfocus.com/bid/17192 BUGTRAQ:20060322 sendmail vuln advisories (CVE-2006-0058) URL:http://www.securityfocus.com/archive/1/428536/100/0/threaded CERT:TA06-081A URL:http://www.us-cert.gov/cas/techalerts/TA06-081A.html CERT-VN:VU#834865 URL:http://www.kb.cert.org/vuls/id/834865 CIAC:Q-151 URL:http://www.ciac.org/ciac/bulletins/q-151.shtml CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm CONFIRM:http://www.f-secure.com/security/fsc-2006-2.shtml CONFIRM:http://www.sendmail.com/company/advisory/index.shtml CONFIRM:http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688 CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751 DEBIAN:DSA-1015 URL:http://www.debian.org/security/2006/dsa-1015 FEDORA:FEDORA-2006-193 URL:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html FEDORA:FEDORA-2006-194 URL:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html FEDORA:FLSA:186277 URL:http://www.securityfocus.com/archive/1/428656/100/0/threaded FREEBSD:FreeBSD-SA-06:13 URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc GENTOO:GLSA-200603-21 URL:http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml HP:HPSBTU02116 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HP:HPSBUX02108 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555 HP:SSRT061133 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555 HP:SSRT061135 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 ISS:20060322 Sendmail Remote Signal Handling Vulnerability URL:~~http://www.iss.net/threats/216.html~~ (Obsolete source - check if archived by the Wayback Machine) MANDRIVA:MDKSA-2006:058 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:058~~ (Obsolete source) NETBSD:NetBSD-SA2006-010 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc OPENBSD:[3.8] 006: SECURITY FIX: March 25, 2006 URL:http://www.openbsd.org/errata38.html#sendmail OPENPKG:OpenPKG-SA-2006.007 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html OSVDB:24037 URL:~~http://www.osvdb.org/24037~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11074 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074 OVAL:oval:org.mitre.oval:def:1689 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689 REDHAT:RHSA-2006:0264 URL:http://www.redhat.com/support/errata/RHSA-2006-0264.html REDHAT:RHSA-2006:0265 URL:http://www.redhat.com/support/errata/RHSA-2006-0265.html SCO:SCOSA-2006.24 URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt SECTRACK:1015801 URL:http://securitytracker.com/id?1015801 SECUNIA:19342 URL:http://secunia.com/advisories/19342 SECUNIA:19345 URL:http://secunia.com/advisories/19345 SECUNIA:19346 URL:http://secunia.com/advisories/19346 SECUNIA:19349 URL:http://secunia.com/advisories/19349 SECUNIA:19356 URL:http://secunia.com/advisories/19356 SECUNIA:19360 URL:http://secunia.com/advisories/19360 SECUNIA:19361 URL:http://secunia.com/advisories/19361 SECUNIA:19363 URL:http://secunia.com/advisories/19363 SECUNIA:19367 URL:http://secunia.com/advisories/19367 SECUNIA:19368 URL:http://secunia.com/advisories/19368 SECUNIA:19394 URL:http://secunia.com/advisories/19394 SECUNIA:19404 URL:http://secunia.com/advisories/19404 SECUNIA:19407 URL:http://secunia.com/advisories/19407 SECUNIA:19450 URL:http://secunia.com/advisories/19450 SECUNIA:19466 URL:http://secunia.com/advisories/19466 SECUNIA:19532 URL:http://secunia.com/advisories/19532 SECUNIA:19533 URL:http://secunia.com/advisories/19533 SECUNIA:19676 URL:http://secunia.com/advisories/19676 SECUNIA:19774 URL:http://secunia.com/advisories/19774 SECUNIA:20243 URL:http://secunia.com/advisories/20243 SECUNIA:20723 URL:http://secunia.com/advisories/20723 SGI:20060302-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P SGI:20060401-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U SLACKWARE:SSA:2006-081-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600 SREASON:612 URL:http://securityreason.com/securityalert/612 SREASON:743 URL:http://securityreason.com/securityalert/743 SUNALERT:102262 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1~~ (Obsolete source) SUNALERT:102324 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1~~ (Obsolete source) SUNALERT:200494 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1~~ (Obsolete source) SUSE:SUSE-SA:2006:017 URL:http://www.novell.com/linux/security/advisories/2006_17_sendmail.html VUPEN:ADV-2006-1049 URL:~~http://www.vupen.com/english/advisories/2006/1049~~ (Obsolete source) VUPEN:ADV-2006-1051 URL:~~http://www.vupen.com/english/advisories/2006/1051~~ (Obsolete source) VUPEN:ADV-2006-1068 URL:~~http://www.vupen.com/english/advisories/2006/1068~~ (Obsolete source) VUPEN:ADV-2006-1072 URL:~~http://www.vupen.com/english/advisories/2006/1072~~ (Obsolete source) VUPEN:ADV-2006-1139 URL:~~http://www.vupen.com/english/advisories/2006/1139~~ (Obsolete source) VUPEN:ADV-2006-1157 URL:~~http://www.vupen.com/english/advisories/2006/1157~~ (Obsolete source) VUPEN:ADV-2006-1529 URL:~~http://www.vupen.com/english/advisories/2006/1529~~ (Obsolete source) VUPEN:ADV-2006-2189 URL:~~http://www.vupen.com/english/advisories/2006/2189~~ (Obsolete source) VUPEN:ADV-2006-2490 URL:~~http://www.vupen.com/english/advisories/2006/2490~~ (Obsolete source) XF:smtp-timeout-bo(24584) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24584
Assigning CNA
CERT/CC
Date Record Created
20060101	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060101)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)