Vulnerability Note VU#146718

Sendmail fails to handle malformed multipart MIME messages

Original Release date: 15 Jun 2006 | Last revised: 22 Jul 2011

Overview

Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.

Description

Sendmail

Sendmail is a widely used mail transfer agent (MTA).

Mail Transfer Agents (MTA)


MTAs are responsible for sending and receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.

The Problem

Sendmail fails to properly handle malformed multipart MIME messages. This vulnerability may be triggered by sending a specially crafted message to a vulnerable Sendmail MTA.

Impact

This vulnerability will not cause the Sendmail server process to terminate. However, it may cause the Sendmail to consume a large amount of system resources. Specifically, if a system writes uniquely named core dump files, this vulnerability may cause available disk space to be filled with core dumps leading to a disruption of system operation resulting in a denial-of-service condition.
Additionally, this vulnerability may cause queue runs to abort; if this situation were to occur, processing and delivery of queued messages would be prevented.

Solution

Upgrade Sendmail
This issue is corrected in Sendmail version 8.13.7.


The following workarounds were provided by Sendmail:

Limit message size

Limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option) will mitigate this vulnerability.

Remove stack size limit

If your operating system limits stack size, remove that limit. This will make the attack more difficult to accomplish, as it will require a very large message. Also, by limiting the maximum message size accepted by your server (via the sendmail MaxMessageSize option), you can eliminate the attack completely.

Configure your MTA to avoid the negative impacts listed above:

  • Disable core dumps.
  • Enable the ForkEachJob option at the cost of lower queue run performance and potentially a high number of processes.
  • Set QueueSortOrder to random, which will randomize the order jobs are processed. Note that with random queue sorting, the bad message will still be processed and the queue run aborted every time, but at a different, random spot.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
FreeBSD, Inc.Affected09 May 200614 Jun 2006
Gentoo LinuxAffected09 May 200615 Jun 2006
IBM CorporationAffected09 May 200614 Jun 2006
NetBSDAffected09 May 200615 Jun 2006
Red Hat, Inc.Affected09 May 200614 Jun 2006
Sendmail ConsortiumAffected08 May 200614 Jun 2006
Sendmail, Inc.Affected-14 Jun 2006
Sun Microsystems, Inc.Affected09 May 200614 Jun 2006
Borderware TechnologiesNot Affected09 May 200625 May 2006
B.U.G., IncNot Affected-13 Jun 2006
Century Systems Inc.Not Affected-13 Jun 2006
Check Point Software TechnologiesNot Affected09 May 200627 Jun 2006
F5 Networks, Inc.Not Affected09 May 200615 May 2006
Force10 Networks, Inc.Not Affected09 May 200622 Jul 2011
Foundry Networks, Inc.Not Affected09 May 200614 Jun 2006
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by Sendmail.

This document was written by Jeff Gennari based on information from Sendmail.

Other Information

  • CVE IDs: CVE-2006-1173
  • Date Public: 14 Jun 2006
  • Date First Published: 15 Jun 2006
  • Date Last Updated: 22 Jul 2011
  • Severity Metric: 13.51
  • Document Revision: 42

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.