Executive Summary

Informations
NameCVE-2006-0058First vendor Publication2006-03-22
VendorCveLast vendor Modification2018-10-19

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score7.6Attack RangeNetwork
Cvss Impact Score10Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1689
 
Oval ID: oval:org.mitre.oval:def:1689
Title: Sendmail setjmp longjmp bo (Red Hat Internal)
Description: Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0058
Version: 5
Platform(s): Red Hat Linux 9
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s): Sendmail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11074
 
Oval ID: oval:org.mitre.oval:def:11074
Title: Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
Description: Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0058
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6

OpenVAS Exploits

DateDescription
2009-10-10Name : SLES9: Security update for sendmail
File : nvt/sles9p5014827.nasl
2009-05-05Name : HP-UX Update for sendmail HPSBUX02108
File : nvt/gb_hp_ux_HPSBUX02108.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200603-21 (sendmail)
File : nvt/glsa_200603_21.nasl
2008-09-04Name : FreeBSD Security Advisory (FreeBSD-SA-06:13.sendmail.asc)
File : nvt/freebsdsa_sendmail1.nasl
2008-09-04Name : FreeBSD Ports: sendmail
File : nvt/freebsd_sendmail.nasl
2008-01-17Name : Debian Security Advisory DSA 1015-1 (sendmail)
File : nvt/deb_1015_1.nasl
0000-00-00Name : Slackware Advisory SSA:2006-081-01 sendmail
File : nvt/esoft_slk_ssa_2006_081_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
24037Sendmail Signal Handler Race Condition Remote Overflow

Snort® IPS/IDS

DateDescription
2014-01-10headers too long server response
RuleID : 5739 - Revision : 8 - Type : SERVER-MAIL
2014-01-10Sendmail smtp timeout buffer overflow attempt
RuleID : 16057 - Revision : 7 - Type : SERVER-MAIL

Nessus® Vulnerability Scanner

DateDescription
2013-03-13Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U805069.nasl - Type : ACT_GATHER_INFO
2013-03-13Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U806006.nasl - Type : ACT_GATHER_INFO
2007-09-25Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_35483.nasl - Type : ACT_GATHER_INFO
2007-09-25Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_35484.nasl - Type : ACT_GATHER_INFO
2007-09-25Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_35485.nasl - Type : ACT_GATHER_INFO
2006-10-14Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1015.nasl - Type : ACT_GATHER_INFO
2006-08-08Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_34927.nasl - Type : ACT_GATHER_INFO
2006-07-03Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0264.nasl - Type : ACT_GATHER_INFO
2006-06-06Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_32006.nasl - Type : ACT_GATHER_INFO
2006-05-13Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_08ac7b8bbb3011dab2fb000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2006-04-08Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-193.nasl - Type : ACT_GATHER_INFO
2006-04-08Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-194.nasl - Type : ACT_GATHER_INFO
2006-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0264.nasl - Type : ACT_GATHER_INFO
2006-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0265.nasl - Type : ACT_GATHER_INFO
2006-03-23Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2006-081-01.nasl - Type : ACT_GATHER_INFO
2006-03-23Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-058.nasl - Type : ACT_GATHER_INFO
2006-03-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200603-21.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 114137-10
File : solaris9_x86_114137.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 113575-11
File : solaris9_113575.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 110615-18
File : solaris8_110615.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 110616-18
File : solaris8_x86_110616.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
AIXAPAR http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
BID http://www.securityfocus.com/bid/17192
BUGTRAQ http://www.securityfocus.com/archive/1/428536/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA06-081A.html
CERT-VN http://www.kb.cert.org/vuls/id/834865
CIAC http://www.ciac.org/ciac/bulletins/q-151.shtml
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
http://www.f-secure.com/security/fsc-2006-2.shtml
http://www.sendmail.com/company/advisory/index.shtml
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme...
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&I...
DEBIAN http://www.debian.org/security/2006/dsa-1015
FEDORA http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html
http://www.securityfocus.com/archive/1/428656/100/0/threaded
FREEBSD ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=...
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
ISS http://www.iss.net/threats/216.html
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:058
NETBSD ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
OPENBSD http://www.openbsd.org/errata38.html#sendmail
OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0264.html
http://www.redhat.com/support/errata/RHSA-2006-0265.html
SCO ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
SECTRACK http://securitytracker.com/id?1015801
SGI ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&...
SREASON http://securityreason.com/securityalert/612
http://securityreason.com/securityalert/743
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1
SUSE http://www.novell.com/linux/security/advisories/2006_17_sendmail.html
VUPEN http://www.vupen.com/english/advisories/2006/1049
http://www.vupen.com/english/advisories/2006/1051
http://www.vupen.com/english/advisories/2006/1068
http://www.vupen.com/english/advisories/2006/1072
http://www.vupen.com/english/advisories/2006/1139
http://www.vupen.com/english/advisories/2006/1157
http://www.vupen.com/english/advisories/2006/1529
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2490
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/24584

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
DateInformations
2018-10-19 21:19:43
  • Multiple Updates
2017-10-11 09:23:37
  • Multiple Updates
2017-07-20 09:23:17
  • Multiple Updates
2016-06-28 15:33:21
  • Multiple Updates
2016-04-26 14:11:07
  • Multiple Updates
2014-02-17 10:34:16
  • Multiple Updates
2014-01-19 21:23:04
  • Multiple Updates
2013-05-11 10:46:19
  • Multiple Updates