CVE - CVE-2006-1173

CVE-ID
CVE-2006-1173	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060620 Sendmail MIME DoS vulnerability URL:http://www.securityfocus.com/archive/1/archive/1/437928/100/0/threaded BUGTRAQ:20060621 Re: Sendmail MIME DoS vulnerability URL:http://www.securityfocus.com/archive/1/archive/1/438241/100/0/threaded BUGTRAQ:20060624 Re: Sendmail MIME DoS vulnerability URL:http://www.securityfocus.com/archive/1/archive/1/438330/100/0/threaded BUGTRAQ:20060721 rPSA-2006-0134-1 sendmail sendmail-cf URL:http://www.securityfocus.com/archive/1/archive/1/440744/100/0/threaded CONFIRM:http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc CONFIRM:http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html CONFIRM:http://www.f-secure.com/security/fsc-2006-5.shtml CONFIRM:https://issues.rpath.com/browse/RPL-526 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm AIXAPAR:IY85415 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only AIXAPAR:IY85930 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only DEBIAN:DSA-1155 URL:http://www.debian.org/security/2006/dsa-1155 FREEBSD:FreeBSD-SA-06:17.sendmail URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc GENTOO:GLSA-200606-19 URL:http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml HP:HPSBTU02116 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HP:SSRT061135 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HP:HPSBUX02124 URL:http://www.securityfocus.com/archive/1/archive/1/442939/100/0/threaded HP:SSRT061159 URL:http://www.securityfocus.com/archive/1/archive/1/442939/100/0/threaded MANDRIVA:MDKSA-2006:104 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:104 OPENBSD:[3.8] 008: SECURITY FIX: June 15, 2006 URL:http://www.openbsd.org/errata38.html#sendmail2 REDHAT:RHSA-2006:0515 URL:http://www.redhat.com/support/errata/RHSA-2006-0515.html SGI:20060601-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P SGI:20060602-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc SLACKWARE:SSA:2006-166-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382 SUNALERT:102460 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1 SUSE:SUSE-SA:2006:032 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html CERT-VN:VU#146718 URL:http://www.kb.cert.org/vuls/id/146718 BID:18433 URL:http://www.securityfocus.com/bid/18433 OVAL:oval:org.mitre.oval:def:11253 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11253 VUPEN:ADV-2006-2189 URL:http://www.vupen.com/english/advisories/2006/2189 VUPEN:ADV-2006-2351 URL:http://www.vupen.com/english/advisories/2006/2351 VUPEN:ADV-2006-2388 URL:http://www.vupen.com/english/advisories/2006/2388 VUPEN:ADV-2006-2389 URL:http://www.vupen.com/english/advisories/2006/2389 VUPEN:ADV-2006-2390 URL:http://www.vupen.com/english/advisories/2006/2390 VUPEN:ADV-2006-2798 URL:http://www.vupen.com/english/advisories/2006/2798 VUPEN:ADV-2006-3135 URL:http://www.vupen.com/english/advisories/2006/3135 OSVDB:26197 URL:http://www.osvdb.org/26197 SECTRACK:1016295 URL:http://securitytracker.com/id?1016295 SECUNIA:15779 URL:http://secunia.com/advisories/15779 SECUNIA:20473 URL:http://secunia.com/advisories/20473 SECUNIA:20641 URL:http://secunia.com/advisories/20641 SECUNIA:20650 URL:http://secunia.com/advisories/20650 SECUNIA:20651 URL:http://secunia.com/advisories/20651 SECUNIA:20654 URL:http://secunia.com/advisories/20654 SECUNIA:20673 URL:http://secunia.com/advisories/20673 SECUNIA:20675 URL:http://secunia.com/advisories/20675 SECUNIA:20679 URL:http://secunia.com/advisories/20679 SECUNIA:20683 URL:http://secunia.com/advisories/20683 SECUNIA:20684 URL:http://secunia.com/advisories/20684 SECUNIA:20694 URL:http://secunia.com/advisories/20694 SECUNIA:20726 URL:http://secunia.com/advisories/20726 SECUNIA:20782 URL:http://secunia.com/advisories/20782 SECUNIA:21042 URL:http://secunia.com/advisories/21042 SECUNIA:21160 URL:http://secunia.com/advisories/21160 SECUNIA:21327 URL:http://secunia.com/advisories/21327 SECUNIA:21612 URL:http://secunia.com/advisories/21612 SECUNIA:21647 URL:http://secunia.com/advisories/21647 XF:sendmail-multipart-mime-dos(27128) URL:http://xforce.iss.net/xforce/xfdb/27128
Date Entry Created
20060312	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060312)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2006-1173