CVE - CVE-2006-4434

CVE-ID
CVE-2006-4434	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19714 URL:http://www.securityfocus.com/bid/19714 CONFIRM:http://www.sendmail.org/releases/8.13.8.html DEBIAN:DSA-1164 URL:http://www.debian.org/security/2006/dsa-1164 MANDRIVA:MDKSA-2006:156 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:156~~ (Obsolete source) OPENBSD:[3.8] 20060825 010: SECURITY FIX: August 25, 2006 URL:http://www.openbsd.org/errata38.html#sendmail3 OPENBSD:[3.9] 20060825 005: SECURITY FIX: August 25, 2006 URL:http://www.openbsd.org/errata.html#sendmail3 OSVDB:28193 URL:~~http://www.osvdb.org/28193~~ (Obsolete source) SECTRACK:1016753 URL:http://securitytracker.com/id?1016753 SECUNIA:21637 URL:http://secunia.com/advisories/21637 SECUNIA:21641 URL:http://secunia.com/advisories/21641 SECUNIA:21696 URL:http://secunia.com/advisories/21696 SECUNIA:21700 URL:http://secunia.com/advisories/21700 SECUNIA:21749 URL:http://secunia.com/advisories/21749 SECUNIA:22369 URL:http://secunia.com/advisories/22369 SUNALERT:102664 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1~~ (Obsolete source) SUSE:SUSE-SR:2006:021 URL:http://www.novell.com/linux/security/advisories/2006_21_sr.html VIM:20060829 Sendmail vendor dispute - CVE-2006-4434 (fwd) URL:http://www.attrition.org/pipermail/vim/2006-August/000999.html VUPEN:ADV-2006-3393 URL:~~http://www.vupen.com/english/advisories/2006/3393~~ (Obsolete source) VUPEN:ADV-2006-3994 URL:~~http://www.vupen.com/english/advisories/2006/3994~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20060828	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060828)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)