|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#834865
Sendmail signal I/O race condition
OverviewA race condition in Sendmail may allow a remote attacker to execute arbitrary code.
I. DescriptionSendmail
Sendmail is a widely used mail transfer agent (MTA).
Mail Transfer Agents (MTA)
MTAs are responsible for sending an receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.
The Problem
Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing SMTP server to have an I/O timeout at exactly the correct instant, the attacker may be able to execute arbitrary code with the privileges of the Sendmail process.
More information is available in the Sendmail version 8.13.6 release page and the Sendmail MTA Security Vulnerability Advisory.
This vulnerability occurred as a result of failing to comply with recommndations SIG32-C and SIG30-C of the CERT C Programming Language Secure Coding Standard.
Considerations
Versions of Sendmail prior to 8.13.6 are affected.
II. ImpactA remote, unauthenticated attacker could execute arbitrary code with the privileges of the Sendmail process. If Sendmail is running as root, the attacker could take complete control of an affected system.
III. SolutionUpgrade
This issue is corrected in Sendmail version 8.13.6.
Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5 are also available.
Refer to the Sendmail MTA Security Vulnerability Advisory for steps to reduce the impact of this vulnerability
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| 3com, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Alcatel | Unknown | 2006-03-08 | 2006-03-08 |
| Apple Computer, Inc. | Not Vulnerable | 2006-03-08 | 2006-03-22 |
| AT&T | Unknown | 2006-03-08 | 2006-03-08 |
| Avaya, Inc. | Not Vulnerable | 2006-03-08 | 2006-03-09 |
| Avici Systems, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Borderware Technologies | Not Vulnerable | 2006-03-08 | 2006-03-21 |
| Charlotte's Web Networks | Unknown | 2006-03-08 | 2006-03-08 |
| Check Point Software Technologies | Not Vulnerable | 2006-03-08 | 2006-03-09 |
| Chiaro Networks, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Cisco Systems, Inc. | Unknown | 2006-03-08 | 2006-03-16 |
| Computer Associates | Unknown | 2006-03-08 | 2006-03-08 |
| Conectiva Inc. | Unknown | 2006-03-09 | 2006-03-09 |
| Cray Inc. | Unknown | 2006-03-09 | 2006-03-09 |
| D-Link Systems, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Data Connection, Ltd. | Unknown | 2006-03-08 | 2006-03-08 |
| Debian GNU/Linux | Unknown | 2006-03-09 | 2006-03-09 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 2006-03-08 | 2006-03-08 |
| Engarde Secure Linux | Unknown | 2006-03-08 | 2006-03-08 |
| Ericsson | Unknown | 2006-03-08 | 2006-03-08 |
| eSoft, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Extreme Networks | Unknown | 2006-03-08 | 2006-03-08 |
| F5 Networks, Inc. | Not Vulnerable | 2006-03-08 | 2006-03-22 |
| Fedora Project | Vulnerable | 2006-03-08 | 2006-03-21 |
| Force10 Networks, Inc. | Not Affected | 2006-03-08 | 2011-07-22 |
| Fortinet, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Foundry Networks, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| FreeBSD, Inc. | Vulnerable | 2006-03-08 | 2006-03-30 |
| Fujitsu | Unknown | 2006-03-08 | 2006-03-08 |
| Gentoo Linux | Vulnerable | 2006-03-08 | 2006-03-22 |
| Global Technology Associates | Unknown | 2006-03-08 | 2006-03-08 |
| GNU netfilter | Unknown | 2006-03-08 | 2006-03-08 |
| Hewlett-Packard Company | Vulnerable | 2006-03-08 | 2006-03-27 |
| Hitachi | Unknown | 2006-03-08 | 2006-03-08 |
| Hyperchip | Unknown | 2006-03-08 | 2006-03-08 |
| IBM Corporation | Vulnerable | 2006-03-15 | 2006-03-22 |
| IBM Corporation (zseries) | Unknown | 2006-03-08 | 2006-03-08 |
| IBM eServer | Unknown | 2006-03-08 | 2006-03-23 |
| Immunix Communications, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Ingrian Networks, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Intel Corporation | Unknown | 2006-03-08 | 2006-03-08 |
| Internet Security Systems, Inc. | Not Vulnerable | 2006-03-06 | 2006-03-23 |
| Intoto | Not Vulnerable | 2006-03-08 | 2006-03-09 |
| IP Filter | Unknown | 2006-03-08 | 2006-03-08 |
| Juniper Networks, Inc. | Not Vulnerable | 2006-03-08 | 2006-03-22 |
| Linksys (A division of Cisco Systems) | Unknown | 2006-03-08 | 2006-03-08 |
| Lotus Software | Not Vulnerable | 2006-03-08 | 2006-03-21 |
| Lucent Technologies | Unknown | 2006-03-08 | 2006-03-08 |
| Luminous Networks | Unknown | 2006-03-08 | 2006-03-08 |
| Mandriva, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Microsoft Corporation | Unknown | 2006-03-08 | 2006-03-08 |
| Mirapoint, Inc. | Not Vulnerable | 2006-03-08 | 2006-03-23 |
| MontaVista Software, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Multinet (owned Process Software Corporation) | Unknown | 2006-03-08 | 2006-03-08 |
| Multitech, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| NEC Corporation | Not Vulnerable | 2006-03-08 | 2006-03-22 |
| NetBSD | Vulnerable | 2006-03-08 | 2006-04-03 |
| Network Appliance, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| NextHop Technologies, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Nokia | Unknown | 2006-03-21 | 2006-03-21 |
| Nortel Networks, Inc. | Not Vulnerable | 2006-03-08 | 2006-03-23 |
| Novell, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| OpenBSD | Vulnerable | 2006-03-21 | 2006-03-27 |
| Openwall GNU/*/Linux | Not Vulnerable | 2006-03-08 | 2006-03-09 |
| Oracle Corporation | Unknown | 2006-03-08 | 2006-03-08 |
| QNX, Software Systems, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Red Hat, Inc. | Vulnerable | 2006-03-08 | 2006-03-21 |
| Redback Networks, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Riverstone Networks, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Secure Computing Network Security Division | Not Vulnerable | 2006-03-08 | 2006-03-20 |
| Sendmail.org | Vulnerable | 2006-02-27 | 2006-03-21 |
| Silicon Graphics, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Slackware Linux Inc. | Vulnerable | 2006-03-08 | 2006-03-24 |
| Sony Corporation | Unknown | 2006-03-08 | 2006-03-08 |
| Sun Microsystems, Inc. | Vulnerable | 2006-03-08 | 2006-03-27 |
| SUSE Linux | Vulnerable | 2006-03-08 | 2006-03-21 |
| Symantec, Inc. | Not Vulnerable | 2006-03-08 | 2006-04-17 |
| Syntegra | Unknown | 2006-03-08 | 2006-03-08 |
| Trustix Secure Linux | Unknown | 2006-03-08 | 2006-03-08 |
| Turbolinux | Vulnerable | 2006-03-08 | 2006-03-29 |
| Ubuntu | Vulnerable | 2006-03-08 | 2006-03-22 |
| Unisys | Unknown | 2006-03-08 | 2006-03-08 |
| Watchguard Technologies, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| Wind River Systems, Inc. | Unknown | 2006-03-08 | 2006-03-08 |
| ZyXEL | Unknown | 2006-03-08 | 2006-03-08 |
References
https://www.securecoding.cert.org/confluence/x/lwAV
https://www.securecoding.cert.org/confluence/x/34At
http://www.sendmail.org/8.13.6.html
http://www.sendmail.com/company/advisory
ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0
ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0
http://xforce.iss.net/xforce/alerts/id/216
Credit
Thanks to Sendmail Inc. for reporting this vulnerability. Sendmail credits Internet Security Systems with providing information about this issue.
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2006-03-22 |
| Date First Published: | 2006-03-22 |
| Date Last Updated: | 2011-07-22 |
| CERT Advisory: | |
| CVE-ID(s): | CVE-2006-0058 |
| NVD-ID(s): | CVE-2006-0058 |
| US-CERT Technical Alerts: | TA06-081A |
| Severity Metric: | 19.88 |
| Document Revision: | 91 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
