Executive Summary

Informations
NameCVE-2006-1173First vendor Publication2006-06-07
VendorCveLast vendor Modification2018-10-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-2Inducing Account Lockout
CAPEC-82Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147XML Ping of Death
CAPEC-228Resource Depletion through DTD Injection in a SOAP Message

CWE : Common Weakness Enumeration

%idName
100 %CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11253
 
Oval ID: oval:org.mitre.oval:def:11253
Title: Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
Description: Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1173
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application66

OpenVAS Exploits

DateDescription
2008-09-24Name : Gentoo Security Advisory GLSA 200606-19 (sendmail)
File : nvt/glsa_200606_19.nasl
2008-09-04Name : FreeBSD Security Advisory (FreeBSD-SA-06:17.sendmail.asc)
File : nvt/freebsdsa_sendmail2.nasl
2008-01-17Name : Debian Security Advisory DSA 1155-1 (sendmail)
File : nvt/deb_1155_1.nasl
2008-01-17Name : Debian Security Advisory DSA 1155-2 (sendmail)
File : nvt/deb_1155_2.nasl
2008-01-17Name : Debian Security Advisory DSA 1164-1 (sendmail)
File : nvt/deb_1164_1.nasl
0000-00-00Name : Slackware Advisory SSA:2006-166-01 sendmail
File : nvt/esoft_slk_ssa_2006_166_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
26197Sendmail Multi-Part MIME Message Handling DoS

Nessus® Vulnerability Scanner

DateDescription
2013-03-13Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U477911.nasl - Type : ACT_GATHER_INFO
2013-03-13Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U497412.nasl - Type : ACT_GATHER_INFO
2007-12-03Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U806039.nasl - Type : ACT_GATHER_INFO
2007-12-03Name : The remote AIX host is missing a vendor-supplied security patch.
File : aix_U807468.nasl - Type : ACT_GATHER_INFO
2007-02-18Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_032.nasl - Type : ACT_GATHER_INFO
2007-01-17Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-836.nasl - Type : ACT_GATHER_INFO
2007-01-17Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-837.nasl - Type : ACT_GATHER_INFO
2006-10-14Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1155.nasl - Type : ACT_GATHER_INFO
2006-10-14Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1164.nasl - Type : ACT_GATHER_INFO
2006-08-08Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_34689.nasl - Type : ACT_GATHER_INFO
2006-08-08Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_34900.nasl - Type : ACT_GATHER_INFO
2006-08-08Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_34927.nasl - Type : ACT_GATHER_INFO
2006-08-08Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_34936.nasl - Type : ACT_GATHER_INFO
2006-07-03Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0515.nasl - Type : ACT_GATHER_INFO
2006-06-16Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-104.nasl - Type : ACT_GATHER_INFO
2006-06-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0515.nasl - Type : ACT_GATHER_INFO
2006-06-16Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200606-19.nasl - Type : ACT_GATHER_INFO
2006-06-16Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2006-166-01.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 114137-10
File : solaris9_x86_114137.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 113575-11
File : solaris9_113575.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
AIXAPAR http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
BID http://www.securityfocus.com/bid/18433
BUGTRAQ http://www.securityfocus.com/archive/1/437928/100/0/threaded
http://www.securityfocus.com/archive/1/438241/100/0/threaded
http://www.securityfocus.com/archive/1/438330/100/0/threaded
http://www.securityfocus.com/archive/1/440744/100/0/threaded
CERT-VN http://www.kb.cert.org/vuls/id/146718
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
http://www.f-secure.com/security/fsc-2006-5.shtml
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
https://issues.rpath.com/browse/RPL-526
DEBIAN http://www.debian.org/security/2006/dsa-1155
FREEBSD ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
HP http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
http://www.securityfocus.com/archive/1/442939/100/0/threaded
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
OPENBSD http://www.openbsd.org/errata38.html#sendmail2
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0515.html
SECTRACK http://securitytracker.com/id?1016295
SGI ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&...
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
SUSE http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
VUPEN http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2351
http://www.vupen.com/english/advisories/2006/2388
http://www.vupen.com/english/advisories/2006/2389
http://www.vupen.com/english/advisories/2006/2390
http://www.vupen.com/english/advisories/2006/2798
http://www.vupen.com/english/advisories/2006/3135
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/27128

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2018-10-18 21:20:01
  • Multiple Updates
2017-10-11 09:23:38
  • Multiple Updates
2017-07-20 09:23:25
  • Multiple Updates
2016-06-28 15:39:46
  • Multiple Updates
2016-04-26 14:23:40
  • Multiple Updates
2014-02-17 10:34:59
  • Multiple Updates
2013-05-11 10:51:19
  • Multiple Updates