SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#146718

Sendmail fails to handle malformed multipart MIME messages

Overview

Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.

I. Description

Sendmail

Sendmail is a widely used mail transfer agent (MTA).

Mail Transfer Agents (MTA)

MTAs are responsible for sending and receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.

The Problem

Sendmail fails to properly handle malformed multipart MIME messages. This vulnerability may be triggered by sending a specially crafted message to a vulnerable Sendmail MTA.

II. Impact

This vulnerability will not cause the Sendmail server process to terminate. However, it may cause the Sendmail to consume a large amount of system resources. Specifically, if a system writes uniquely named core dump files, this vulnerability may cause available disk space to be filled with core dumps leading to a disruption of system operation resulting in a denial-of-service condition.

Additionally, this vulnerability may cause queue runs to abort; if this situation were to occur, processing and delivery of queued messages would be prevented.

III. Solution

Upgrade Sendmail

This issue is corrected in Sendmail version 8.13.7.

The following workarounds were provided by Sendmail:

Limit message size

Limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option) will mitigate this vulnerability.

Remove stack size limit

If your operating system limits stack size, remove that limit. This will make the attack more difficult to accomplish, as it will require a very large message. Also, by limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option), you can eliminate the attack completely.

Configure your MTA to avoid the negative impacts listed above:

  • Disable core dumps.
  • Enable the ForkEachJob option at the cost of lower queue run performance and potentially a high number of processes.
  • Set QueueSortOrder to random, which will randomize the order jobs are processed. Note that with random queue sorting, the bad message will still be processed and the queue run aborted every time, but at a different, random spot.

Systems Affected
VendorStatusDate NotifiedDate Updated
3com, Inc.Unknown2006-05-092006-05-09
AlcatelUnknown2006-05-092006-05-09
Apple Computer, Inc.Unknown2006-05-092006-05-09
AT&TUnknown2006-05-092006-05-09
Avaya, Inc.Unknown2006-05-092006-05-09
Avici Systems, Inc.Unknown2006-05-092006-05-09
Borderware TechnologiesNot Vulnerable2006-05-092006-05-25
B.U.G., IncNot Vulnerable2006-06-13
Century Systems Inc.Not Vulnerable2006-06-13
Charlotte's Web NetworksUnknown2006-05-092006-05-09
Check Point Software TechnologiesNot Vulnerable2006-05-092006-06-27
Chiaro Networks, Inc.Unknown2006-05-092006-05-09
Cisco Systems, Inc.Unknown2006-05-092006-05-09
Computer AssociatesUnknown2006-05-092006-05-09
Conectiva Inc.Unknown2006-05-092006-05-09
Cray Inc.Unknown2006-05-092006-05-09
D-Link Systems, Inc.Unknown2006-05-092006-05-09
Data Connection, Ltd.Unknown2006-05-092006-05-09
Debian GNU/LinuxUnknown2006-05-092006-05-09
DragonFly BSD ProjectUnknown2006-05-092006-05-09
EMC, Inc. (formerly Data General Corporation)Unknown2006-05-092006-05-09
Engarde Secure LinuxUnknown2006-05-092006-05-09
EricssonUnknown2006-05-092006-05-09
eSoft, Inc.Unknown2006-05-092006-05-09
Extreme NetworksUnknown2006-05-092006-05-09
F5 Networks, Inc.Not Vulnerable2006-05-092006-05-15
Fedora ProjectUnknown2006-05-092006-05-09
Force10 Networks, Inc.Not Affected2006-05-092011-07-22
Fortinet, Inc.Unknown2006-05-092006-05-09
Foundry Networks, Inc.Not Vulnerable2006-05-092006-06-14
FreeBSD, Inc.Vulnerable2006-05-092006-06-14
FujitsuNot Vulnerable2006-05-092006-06-15
Gentoo LinuxVulnerable2006-05-092006-06-15
Global Technology AssociatesNot Vulnerable2006-05-092006-06-26
GNU netfilterUnknown2006-05-092006-05-09
Hewlett-Packard CompanyUnknown2006-05-092006-05-09
HitachiNot Vulnerable2006-05-092006-06-15
HyperchipUnknown2006-05-092006-05-09
IBM CorporationVulnerable2006-05-092006-06-14
IBM Corporation (zseries)Unknown2006-05-092006-05-09
IBM eServerUnknown2006-05-092006-05-10
Immunix Communications, Inc.Unknown2006-05-092006-05-09
Ingrian Networks, Inc.Unknown2006-05-092006-05-09
Intel CorporationUnknown2006-05-092006-05-09
Internet Initiative JapanNot Vulnerable2006-06-13
Internet Security Systems, Inc.Unknown2006-05-092006-05-09
IntotoNot Vulnerable2006-05-092006-05-10
IP FilterUnknown2006-05-092006-05-09
Juniper Networks, Inc.Unknown2006-05-092006-05-09
Justsystem CorporationNot Vulnerable2006-06-13
Linksys (A division of Cisco Systems)Unknown2006-05-092006-05-09
Lotus SoftwareNot Vulnerable2006-05-092006-05-10
Lucent TechnologiesUnknown2006-05-092006-05-09
Luminous NetworksUnknown2006-05-092006-05-09
Mandriva, Inc.Unknown2006-05-092006-05-09
Microsoft CorporationUnknown2006-05-092006-05-09
Mirapoint, Inc.Not Vulnerable2006-05-092006-07-14
MontaVista Software, Inc.Unknown2006-05-092006-05-09
Multinet (owned Process Software Corporation)Unknown2006-05-092006-05-09
Multitech, Inc.Unknown2006-05-092006-05-09
NEC CorporationNot Vulnerable2006-05-092006-06-15
NetBSDVulnerable2006-05-092006-06-15
Network Appliance, Inc.Not Vulnerable2006-05-092006-05-12
NextHop Technologies, Inc.Unknown2006-05-092006-05-09
NokiaUnknown2006-05-092006-05-09
Nortel Networks, Inc.Not Vulnerable2006-05-092006-06-16
Novell, Inc.Unknown2006-05-092006-05-09
OpenBSDUnknown2006-06-072006-06-07
Openwall GNU/*/LinuxNot Vulnerable2006-05-092006-05-10
Oracle CorporationNot Vulnerable2006-05-092006-05-16
QNX, Software Systems, Inc.Unknown2006-05-092006-05-09
Red Hat, Inc.Vulnerable2006-05-092006-06-14
Redback Networks, Inc.Not Vulnerable2006-05-092006-06-09
Riverstone Networks, Inc.Unknown2006-05-092006-05-09
Secure Computing Network Security DivisionNot Vulnerable2006-05-092006-06-21
Secureworx, Inc.Unknown2006-05-312006-05-31
Sendmail ConsortiumVulnerable2006-05-082006-06-14
Sendmail, Inc.Vulnerable2006-06-14
Silicon Graphics, Inc.Unknown2006-05-092006-05-09
Slackware Linux Inc.Unknown2006-05-092006-05-09
Sony CorporationUnknown2006-05-092006-05-09
StonesoftUnknown2006-05-122006-05-12
Sun Microsystems, Inc.Vulnerable2006-05-092006-06-14
SUSE LinuxUnknown2006-05-092006-05-09
Symantec, Inc.Unknown2006-05-092006-05-09
SyntegraNot Vulnerable2006-05-092006-06-14
The SCO GroupUnknown2006-06-142006-06-14
The SCO Group (SCO Unix)Unknown2006-05-272006-05-27
Trustix Secure LinuxUnknown2006-05-092006-05-09
TurbolinuxUnknown2006-05-092006-05-09
UbuntuUnknown2006-05-092006-05-10
UnisysUnknown2006-05-092006-05-09
Watchguard Technologies, Inc.Unknown2006-05-092006-05-09
Wind River Systems, Inc.Unknown2006-05-092006-05-09
Yamaha CorporationNot Vulnerable2006-06-13
Yokogawa Electric CorporationNot Vulnerable2006-06-13
ZyXELUnknown2006-05-092006-05-09

References

http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.sendmail.org/releases/8.13.7.html
http://www.sendmail.org/releases/8.13.7.html#RS
http://jvn.jp/cert/JVNVU%23146718/index.html
http://secunia.com/advisories/20473/
http://secunia.com/advisories/15779/
http://secunia.com/advisories/20641/
http://secunia.com/advisories/20673/
http://secunia.com/advisories/20650/
http://secunia.com/advisories/20654/
http://secunia.com/advisories/20651/
http://secunia.com/advisories/20683/

Credit

This vulnerability was reported by Sendmail.

This document was written by Jeff Gennari based on information from Sendmail.

Other Information

Date Public:2006-06-14
Date First Published:2006-06-15
Date Last Updated:2011-07-22
CERT Advisory: 
CVE-ID(s):CVE-2006-1173
NVD-ID(s):CVE-2006-1173
US-CERT Technical Alerts: 
Severity Metric:13.51
Document Revision:42

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get a PDF Reader