|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#146718
Sendmail fails to handle malformed multipart MIME messages
OverviewSendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.
I. DescriptionSendmail
Sendmail is a widely used mail transfer agent (MTA).
Mail Transfer Agents (MTA)
MTAs are responsible for sending an receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.
The Problem
Sendmail fails to properly handle malformed mulitpart MIME messages. This vulnerability may be triggered by sending a specially crafted message to a vulnerable Sendmail MTA.
II. ImpactThis vulnerability will not cause the Sendmail server process to terminate. However, it may cause the Sendmail to consume a large amount of system resources. Specifically, if a system writes uniquely named core dump files, this vulnerability may cause available disk space to be filled with core dumps leading to a disruption of system operation resulting in a denial-of-service condition.
Additionally, this vulnerability may cause queue runs to abort; if this situation were to occur, processing and delivery of queued messages would be prevented.
III. SolutionUpgrade Sendmail
This issue is corrected in Sendmail version 8.13.7.
The following workarounds were provided by Sendmail:
Limit message size
Limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option) will mitigate this vulnerability.
Remove stack size limit
If your operating system limits stack size, remove that limit. This will make the attack more difficult to accomplish, as it will require a very large message. Also, by limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option), you can eliminate the attack completely.
Configure your MTA to avoid the negative impacts listed above:
- Disable core dumps.
- Enable the ForkEachJob option at the cost of lower queue run performance and potentially a high number of processes.
- Set QueueSortOrder to random, which will randomize the order jobs are processed. Note that with random queue sorting, the bad message will still be processed and the queue run aborted every time, but at a different, random spot.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| 3com, Inc. | Unknown | 10-May-2006 |
| Alcatel | Unknown | 10-May-2006 |
| Apple Computer, Inc. | Unknown | 10-May-2006 |
| AT&T | Unknown | 10-May-2006 |
| Avaya, Inc. | Unknown | 10-May-2006 |
| Avici Systems, Inc. | Unknown | 10-May-2006 |
| Borderware Technologies | Not Vulnerable | 26-May-2006 |
| B.U.G., Inc | Not Vulnerable | 14-Jun-2006 |
| Century Systems Inc. | Not Vulnerable | 14-Jun-2006 |
| Charlotte's Web Networks | Unknown | 10-May-2006 |
| Check Point Software Technologies | Not Vulnerable | 27-Jun-2006 |
| Chiaro Networks, Inc. | Unknown | 10-May-2006 |
| Cisco Systems, Inc. | Unknown | 10-May-2006 |
| Computer Associates | Unknown | 10-May-2006 |
| Conectiva Inc. | Unknown | 10-May-2006 |
| Cray Inc. | Unknown | 10-May-2006 |
| D-Link Systems, Inc. | Unknown | 10-May-2006 |
| Data Connection, Ltd. | Unknown | 10-May-2006 |
| Debian GNU/Linux | Unknown | 10-May-2006 |
| DragonFly BSD Project | Unknown | 10-May-2006 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 10-May-2006 |
| Engarde Secure Linux | Unknown | 10-May-2006 |
| Ericsson | Unknown | 10-May-2006 |
| eSoft, Inc. | Unknown | 10-May-2006 |
| Extreme Networks | Unknown | 10-May-2006 |
| F5 Networks, Inc. | Not Vulnerable | 16-May-2006 |
| Fedora Project | Unknown | 10-May-2006 |
| Force10 Networks, Inc. | Unknown | 10-May-2006 |
| Fortinet, Inc. | Unknown | 10-May-2006 |
| Foundry Networks, Inc. | Not Vulnerable | 15-Jun-2006 |
| FreeBSD, Inc. | Vulnerable | 15-Jun-2006 |
| Fujitsu | Not Vulnerable | 15-Jun-2006 |
| Gentoo Linux | Vulnerable | 16-Jun-2006 |
| Global Technology Associates | Not Vulnerable | 27-Jun-2006 |
| GNU netfilter | Unknown | 10-May-2006 |
| Hewlett-Packard Company | Unknown | 10-May-2006 |
| Hitachi | Not Vulnerable | 15-Jun-2006 |
| Hyperchip | Unknown | 10-May-2006 |
| IBM Corporation | Vulnerable | 15-Jun-2006 |
| IBM Corporation (zseries) | Unknown | 10-May-2006 |
| IBM eServer | Unknown | 10-May-2006 |
| Immunix Communications, Inc. | Unknown | 10-May-2006 |
| Ingrian Networks, Inc. | Unknown | 10-May-2006 |
| Intel Corporation | Unknown | 10-May-2006 |
| Internet Initiative Japan | Not Vulnerable | 14-Jun-2006 |
| Internet Security Systems, Inc. | Unknown | 10-May-2006 |
| Intoto | Not Vulnerable | 10-May-2006 |
| IP Filter | Unknown | 10-May-2006 |
| Juniper Networks, Inc. | Unknown | 10-May-2006 |
| Justsystem Corporation | Not Vulnerable | 14-Jun-2006 |
| Linksys (A division of Cisco Systems) | Unknown | 10-May-2006 |
| Lotus Software | Not Vulnerable | 11-May-2006 |
| Lucent Technologies | Unknown | 10-May-2006 |
| Luminous Networks | Unknown | 10-May-2006 |
| Mandriva, Inc. | Unknown | 10-May-2006 |
| Microsoft Corporation | Unknown | 10-May-2006 |
| Mirapoint, Inc. | Not Vulnerable | 15-Jul-2006 |
| MontaVista Software, Inc. | Unknown | 10-May-2006 |
| Multinet (owned Process Software Corporation) | Unknown | 10-May-2006 |
| Multitech, Inc. | Unknown | 10-May-2006 |
| NEC Corporation | Not Vulnerable | 15-Jun-2006 |
| NetBSD | Vulnerable | 15-Jun-2006 |
| Network Appliance, Inc. | Not Vulnerable | 13-May-2006 |
| NextHop Technologies, Inc. | Unknown | 10-May-2006 |
| Nokia | Unknown | 10-May-2006 |
| Nortel Networks, Inc. | Not Vulnerable | 17-Jun-2006 |
| Novell, Inc. | Unknown | 10-May-2006 |
| OpenBSD | Unknown | 8-Jun-2006 |
| Openwall GNU/*/Linux | Not Vulnerable | 10-May-2006 |
| Oracle Corporation | Not Vulnerable | 16-May-2006 |
| QNX, Software Systems, Inc. | Unknown | 10-May-2006 |
| Red Hat, Inc. | Vulnerable | 14-Jun-2006 |
| Redback Networks, Inc. | Not Vulnerable | 9-Jun-2006 |
| Riverstone Networks, Inc. | Unknown | 10-May-2006 |
| Secure Computing Network Security Division | Not Vulnerable | 22-Jun-2006 |
| Secureworx, Inc. | Unknown | 31-May-2006 |
| Sendmail Consortium | Vulnerable | 15-Jun-2006 |
| Sendmail, Inc. | Vulnerable | 15-Jun-2006 |
| Silicon Graphics, Inc. | Unknown | 10-May-2006 |
| Slackware Linux Inc. | Unknown | 10-May-2006 |
| Sony Corporation | Unknown | 10-May-2006 |
| Stonesoft | Unknown | 13-May-2006 |
| Sun Microsystems, Inc. | Vulnerable | 14-Jun-2006 |
| SUSE Linux | Unknown | 10-May-2006 |
| Symantec, Inc. | Unknown | 10-May-2006 |
| Syntegra | Not Vulnerable | 15-Jun-2006 |
| The SCO Group | Unknown | 15-Jun-2006 |
| The SCO Group (SCO Unix) | Unknown | 28-May-2006 |
| Trustix Secure Linux | Unknown | 10-May-2006 |
| Turbolinux | Unknown | 10-May-2006 |
| Ubuntu | Unknown | 10-May-2006 |
| Unisys | Unknown | 10-May-2006 |
| Watchguard Technologies, Inc. | Unknown | 10-May-2006 |
| Wind River Systems, Inc. | Unknown | 10-May-2006 |
| Yamaha Corporation | Not Vulnerable | 14-Jun-2006 |
| Yokogawa Electric Corporation | Not Vulnerable | 14-Jun-2006 |
| ZyXEL | Unknown | 10-May-2006 |
References
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.sendmail.org/releases/8.13.7.html
http://www.sendmail.org/releases/8.13.7.html#RS
http://jvn.jp/cert/JVNVU%23146718/index.html
http://secunia.com/advisories/20473/
http://secunia.com/advisories/15779/
http://secunia.com/advisories/20641/
http://secunia.com/advisories/20673/
http://secunia.com/advisories/20650/
http://secunia.com/advisories/20654/
http://secunia.com/advisories/20651/
http://secunia.com/advisories/20683/
Credit
This vulnerability was reported by Sendmail.
This document was written by Jeff Gennari based on information from Sendmail.
Other Information
| Date Public | 06/14/2006 |
| Date First Published | 06/15/2006 07:09:51 AM |
| Date Last Updated | 10/03/2006 |
| CERT Advisory | |
| CVE Name | CVE-2006-1173 |
| US-CERT Technical Alerts | |
| Metric | 13.51 |
| Document Revision | 41 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader