Vulnerability Note VU#834865

Sendmail signal I/O race condition

Original Release date: 22 Mar 2006 | Last revised: 22 Jul 2011

Overview

A race condition in Sendmail may allow a remote attacker to execute arbitrary code.

Description

Sendmail

Sendmail is a widely used mail transfer agent (MTA).

Mail Transfer Agents (MTA)

MTAs are responsible for sending and receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.

The Problem

Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing the SMTP server to have an I/O timeout at exactly the correct instant, an attacker may be able to execute arbitrary code with the privileges of the Sendmail process.

More information is available in the Sendmail version 8.13.6 release page and the Sendmail MTA Security Vulnerability Advisory.

This vulnerability occurred as a result of failing to comply with recommendations SIG32-C and SIG30-C of the CERT C Programming Language Secure Coding Standard.
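
The handler pattern those two recommendations call for, applied to an I/O timeout, as an added example that is not Sendmail's code or part of the original note: the handler only sets a flag, and the timeout is acted on in normal control flow. The names read_with_timeout, on_alarm and timed_out are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* sigaction() under strict -std= modes */
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>

/* The only state the handler touches: a flag of async-signal-safe type. */
static volatile sig_atomic_t timed_out;

/* The handler does no I/O, allocation or logging (SIG30-C) and never
 * calls longjmp() to leave the interrupted code (SIG32-C). */
static void on_alarm(int signo)
{
    (void)signo;
    timed_out = 1;
}

/* Hypothetical helper: read from fd, giving up after `secs` seconds.
 * Returns bytes read, -1 on error, or -2 on timeout. */
ssize_t read_with_timeout(int fd, void *buf, size_t len, unsigned secs)
{
    struct sigaction sa, old;
    ssize_t n;
    int saved;

    memset(&sa, 0, sizeof sa);    /* flags 0: no SA_RESTART, read() gets EINTR */
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, &old) == -1)
        return -1;

    timed_out = 0;
    alarm(secs);
    do {                          /* retry only for unrelated signals */
        n = read(fd, buf, len);
    } while (n == -1 && errno == EINTR && !timed_out);
    saved = errno;
    alarm(0);                     /* cancel a still-pending alarm */
    sigaction(SIGALRM, &old, NULL);

    /* The timeout is handled here, after read() has returned, so no
     * buffer or global state is abandoned half-updated. */
    if (n == -1 && saved == EINTR && timed_out)
        return -2;
    errno = saved;
    return n;
}
```

If the alarm fires before read() is entered, the call can still block; code that must rule that out bounds the wait with a poll() or select() timeout instead of a signal.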

Considerations

Versions of Sendmail prior to 8.13.6 are affected.

Impact

A remote, unauthenticated attacker could execute arbitrary code with the privileges of the Sendmail process. If Sendmail is running as root, the attacker could take complete control of an affected system.

Solution

Upgrade

This issue is corrected in Sendmail version 8.13.6.

Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5 are also available.


Refer to the Sendmail MTA Security Vulnerability Advisory for steps to reduce the impact of this vulnerability.

Systems Affected

Vendor                    Status        Date Notified  Date Updated
Fedora Project            Affected      08 Mar 2006    21 Mar 2006
FreeBSD, Inc.             Affected      08 Mar 2006    30 Mar 2006
Gentoo Linux              Affected      08 Mar 2006    22 Mar 2006
Hewlett-Packard Company   Affected      08 Mar 2006    27 Mar 2006
IBM Corporation           Affected      15 Mar 2006    22 Mar 2006
NetBSD                    Affected      08 Mar 2006    03 Apr 2006
OpenBSD                   Affected      21 Mar 2006    27 Mar 2006
Red Hat, Inc.             Affected      08 Mar 2006    21 Mar 2006
Sendmail.org              Affected      27 Feb 2006    21 Mar 2006
Slackware Linux Inc.      Affected      08 Mar 2006    24 Mar 2006
Sun Microsystems, Inc.    Affected      08 Mar 2006    27 Mar 2006
SUSE Linux                Affected      08 Mar 2006    21 Mar 2006
Turbolinux                Affected      08 Mar 2006    29 Mar 2006
Ubuntu                    Affected      08 Mar 2006    22 Mar 2006
Apple Computer, Inc.      Not Affected  08 Mar 2006    22 Mar 2006

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Thanks to Sendmail Inc. for reporting this vulnerability. Sendmail credits Internet Security Systems with providing information about this issue.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0058
  • US-CERT Alert: TA06-081A
  • Date Public: 22 Mar 2006
  • Date First Published: 22 Mar 2006
  • Date Last Updated: 22 Jul 2011
  • Severity Metric: 19.88
  • Document Revision: 91

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.