CVE - CVE-2006-1173

CVE-ID
CVE-2006-1173	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IY85415 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only AIXAPAR:IY85930 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only BID:18433 URL:http://www.securityfocus.com/bid/18433 BUGTRAQ:20060620 Sendmail MIME DoS vulnerability URL:http://www.securityfocus.com/archive/1/437928/100/0/threaded BUGTRAQ:20060621 Re: Sendmail MIME DoS vulnerability URL:http://www.securityfocus.com/archive/1/438241/100/0/threaded BUGTRAQ:20060624 Re: Sendmail MIME DoS vulnerability URL:http://www.securityfocus.com/archive/1/438330/100/0/threaded BUGTRAQ:20060721 rPSA-2006-0134-1 sendmail sendmail-cf URL:http://www.securityfocus.com/archive/1/440744/100/0/threaded CERT-VN:VU#146718 URL:http://www.kb.cert.org/vuls/id/146718 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm CONFIRM:http://www.f-secure.com/security/fsc-2006-5.shtml CONFIRM:http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html CONFIRM:http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc CONFIRM:https://issues.rpath.com/browse/RPL-526 DEBIAN:DSA-1155 URL:http://www.debian.org/security/2006/dsa-1155 FREEBSD:FreeBSD-SA-06:17.sendmail URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc GENTOO:GLSA-200606-19 URL:http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml HP:HPSBTU02116 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HP:HPSBUX02124 URL:http://www.securityfocus.com/archive/1/442939/100/0/threaded HP:SSRT061135 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HP:SSRT061159 URL:http://www.securityfocus.com/archive/1/442939/100/0/threaded MANDRIVA:MDKSA-2006:104 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:104~~ (Obsolete source) OPENBSD:[3.8] 008: SECURITY FIX: June 15, 2006 URL:http://www.openbsd.org/errata38.html#sendmail2 OSVDB:26197 URL:~~http://www.osvdb.org/26197~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11253 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253 REDHAT:RHSA-2006:0515 URL:http://www.redhat.com/support/errata/RHSA-2006-0515.html SECTRACK:1016295 URL:http://securitytracker.com/id?1016295 SECUNIA:15779 URL:http://secunia.com/advisories/15779 SECUNIA:20473 URL:http://secunia.com/advisories/20473 SECUNIA:20641 URL:http://secunia.com/advisories/20641 SECUNIA:20650 URL:http://secunia.com/advisories/20650 SECUNIA:20651 URL:http://secunia.com/advisories/20651 SECUNIA:20654 URL:http://secunia.com/advisories/20654 SECUNIA:20673 URL:http://secunia.com/advisories/20673 SECUNIA:20675 URL:http://secunia.com/advisories/20675 SECUNIA:20679 URL:http://secunia.com/advisories/20679 SECUNIA:20683 URL:http://secunia.com/advisories/20683 SECUNIA:20684 URL:http://secunia.com/advisories/20684 SECUNIA:20694 URL:http://secunia.com/advisories/20694 SECUNIA:20726 URL:http://secunia.com/advisories/20726 SECUNIA:20782 URL:http://secunia.com/advisories/20782 SECUNIA:21042 URL:http://secunia.com/advisories/21042 SECUNIA:21160 URL:http://secunia.com/advisories/21160 SECUNIA:21327 URL:http://secunia.com/advisories/21327 SECUNIA:21612 URL:http://secunia.com/advisories/21612 SECUNIA:21647 URL:http://secunia.com/advisories/21647 SGI:20060601-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P SGI:20060602-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SLACKWARE:SSA:2006-166-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382 SUNALERT:102460 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1~~ (Obsolete source) SUSE:SUSE-SA:2006:032 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html VUPEN:ADV-2006-2189 URL:~~http://www.vupen.com/english/advisories/2006/2189~~ (Obsolete source) VUPEN:ADV-2006-2351 URL:~~http://www.vupen.com/english/advisories/2006/2351~~ (Obsolete source) VUPEN:ADV-2006-2388 URL:~~http://www.vupen.com/english/advisories/2006/2388~~ (Obsolete source) VUPEN:ADV-2006-2389 URL:~~http://www.vupen.com/english/advisories/2006/2389~~ (Obsolete source) VUPEN:ADV-2006-2390 URL:~~http://www.vupen.com/english/advisories/2006/2390~~ (Obsolete source) VUPEN:ADV-2006-2798 URL:~~http://www.vupen.com/english/advisories/2006/2798~~ (Obsolete source) VUPEN:ADV-2006-3135 URL:~~http://www.vupen.com/english/advisories/2006/3135~~ (Obsolete source) XF:sendmail-multipart-mime-dos(27128) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
Assigning CNA
CERT/CC
Date Record Created
20060312	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060312)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)