Vulnerability Note VU#146718
Sendmail fails to handle malformed multipart MIME messages
Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.
This vulnerability will not cause the Sendmail server process to terminate. However, it may cause the Sendmail to consume a large amount of system resources. Specifically, if a system writes uniquely named core dump files, this vulnerability may cause available disk space to be filled with core dumps leading to a disruption of system operation resulting in a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|FreeBSD, Inc.||Affected||09 May 2006||14 Jun 2006|
|Gentoo Linux||Affected||09 May 2006||15 Jun 2006|
|IBM Corporation||Affected||09 May 2006||14 Jun 2006|
|NetBSD||Affected||09 May 2006||15 Jun 2006|
|Red Hat, Inc.||Affected||09 May 2006||14 Jun 2006|
|Sendmail Consortium||Affected||08 May 2006||14 Jun 2006|
|Sendmail, Inc.||Affected||-||14 Jun 2006|
|Sun Microsystems, Inc.||Affected||09 May 2006||14 Jun 2006|
|Borderware Technologies||Not Affected||09 May 2006||25 May 2006|
|B.U.G., Inc||Not Affected||-||13 Jun 2006|
|Century Systems Inc.||Not Affected||-||13 Jun 2006|
|Check Point Software Technologies||Not Affected||09 May 2006||27 Jun 2006|
|F5 Networks, Inc.||Not Affected||09 May 2006||15 May 2006|
|Force10 Networks, Inc.||Not Affected||09 May 2006||22 Jul 2011|
|Foundry Networks, Inc.||Not Affected||09 May 2006||14 Jun 2006|
CVSS Metrics (Learn More)
This vulnerability was reported by Sendmail.
This document was written by Jeff Gennari based on information from Sendmail.
- CVE IDs: CVE-2006-1173
- Date Public: 14 Jun 2006
- Date First Published: 15 Jun 2006
- Date Last Updated: 22 Jul 2011
- Severity Metric: 13.51
- Document Revision: 42
If you have feedback, comments, or additional information about this vulnerability, please send us email.