Thread: Sendmail code execution vuln announced (CVE-2006-0058)

  1. #1

    Sendmail code execution vuln announced (CVE-2006-0058)

    A new race condition affecting versions of Sendmail prior to 8.13.6 has been announced. The risk is it could allow an attacker to execute code.

    Links...
    US-CERT posting
    Sendmail patch
    RedHat release
    Vulnerability Note VU#834865
    Sendmail contains a race condition
    Overview
    A race condition in Sendmail may allow a remote attacker to execute arbitrary code.
    I. Description
    Sendmail
    Sendmail is a widely used mail transfer agent (MTA).

    Mail Transfer Agents (MTA)

    MTAs are responsible for sending and receiving email messages over the internet. They are also referred to as mail servers or SMTP servers.

    The Problem

    Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing the SMTP server to have an I/O timeout at exactly the correct instant, the attacker may be able to execute arbitrary code with the privileges of the Sendmail process.

    More information is available in the Sendmail version 8.13.6 release page and the Sendmail MTA Security Vulnerability Advisory.

    Considerations

    Versions of Sendmail prior to 8.13.6 are affected.


    II. Impact
    A remote, unauthenticated attacker could execute arbitrary code with the privileges of the Sendmail process. If Sendmail is running as root, the attacker could take complete control of an affected system.
    III. Solution
    Upgrade
    This issue is corrected in Sendmail version 8.13.6.

    Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5 are also available.
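
An added C example, not part of the original post or the advisory and not Sendmail's own code: one defensive pattern for an I/O timeout driven by SIGALRM, where the handler only sets a flag and the signal is unblocked only while the process waits in pselect(). The name `timed_read` and its return codes are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>
/* The handler's only action: set a flag (async-signal-safe). */
static volatile sig_atomic_t timed_out;
static void on_alarm(int sig) { (void)sig; timed_out = 1; }

/* Hypothetical helper: bytes read (0 = EOF), -1 on error, -2 on timeout. */
ssize_t timed_read(int fd, void *buf, size_t len, unsigned secs)
{
    struct sigaction sa, old_sa, ign;
    sigset_t block, old_mask, wait_mask;
    ssize_t n = -1;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    ign = sa;
    ign.sa_handler = SIG_IGN;
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);

    /* SIGALRM stays blocked except while pselect() is waiting, so the
     * handler can never interrupt code that is updating program state. */
    sigprocmask(SIG_BLOCK, &block, &old_mask);
    wait_mask = old_mask;
    sigdelset(&wait_mask, SIGALRM);
    sigaction(SIGALRM, &sa, &old_sa);
    timed_out = 0;
    alarm(secs);

    for (;;) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int r = pselect(fd + 1, &rfds, NULL, NULL, NULL, &wait_mask);
        if (timed_out) { n = -2; break; }      /* timeout seen synchronously */
        if (r > 0) { n = read(fd, buf, len); break; }
        if (r < 0 && errno != EINTR) break;    /* real error */
    }
    alarm(0);
    sigaction(SIGALRM, &ign, NULL);   /* discards an alarm left pending */
    sigaction(SIGALRM, &old_sa, NULL);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);
    return n;
}
```

The timeout is acted on in the main control flow after pselect() returns, so no cleanup or state change ever runs inside the signal handler.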

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Above thread has been merged as the subject matter is duplicated


  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    Finally a new sendmail vulnerability
    If that doesn't have malicious intentions all over it. BTW Welcome to AO.

  4. #4
    I didn't do it.

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    This is part of the reason why AO is considered to be a "**** hole" by so many.. good, informative, up-to-date news is posted... exactly what should be posted.. and people neg the thread... idiots... and people neg a poster... why... because of the title of his post??? He still posted worthwhile information... it was merged if you read further down.. that's why it was repeated info... The title of his post was originally the title of a thread... sheesh.... this is really sad..

    Anyways I've removed the offending post and boosted the status of this with a few well placed greenies..

    Peace,
    HT

  6. #6
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Originally posted here by HTRegz
    ... people neg the thread... idiots... and people neg a poster... why... because of the title of his post??? He still posted worthwhile information... it was merged if you read further down.. that's why it was repeated info... The title of his post was originally the title of a thread... sheesh.... this is really sad...
    Well, it looks like hell has frozen over, the day has finally come when I agree with HT. j/k!

    That is a major concern of mine. Good threads get screwed because of that very often. Glad to see I am not alone on that one.

    Thanks HT,
    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    and people neg a poster... why... because of the title of his post???
    I negged him because I don't like him. Had nothing to do with the 'title of his thread' BTW 'Welcome to AO' Ludakot.

  8. #8
    This is part of the reason why AO is considered to be a "**** hole" by so many..

    I negged him because I don't like him.
    Yeah.... ^^ That's the reason AO is becoming a shithole. It's the low quality of members... and of course UNREASONABLE bannings.

  9. #9
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    It's a shithole because of wankers like you. By the way look familiar?

    24.215.91.247 Linux Apache/2.0.55 Trustix Secure Linux/Linux mod_ssl/2.0.55 OpenSSL/0.9.7i mod_mono/1.1.13 PHP/5.0.5 mod_python/3.1.4 Python/2.3.5 mod_perl/2.0.0 Perl/v5.8.7
    It's the low quality of members.
    That's what you think. Proves you don't know ****. Smarter than your assumptions.

    Cheers,
