Executive Summary

Name : CVE-2006-4434
First vendor Publication : 2006-08-28
Vendor : Cve
Last vendor Modification : 2011-03-10

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434

CWE : Common Weakness Enumeration

100 % : CWE-399 Resource Management Errors


OpenVAS Exploits

2009-10-10 Name : SLES9: Security update for sendmail
File : nvt/sles9p5014809.nasl
2008-01-17 Name : Debian Security Advisory DSA 1164-1 (sendmail)
File : nvt/deb_1164_1.nasl

Open Source Vulnerability Database (OSVDB)

28193 : Sendmail Header Processing Overflow DoS

Nessus® Vulnerability Scanner

2011-11-18 Name : The remote mail server is susceptible to a denial of service attack.
File : sendmail_8_13_8.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11200.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sendmail-2030.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_sendmail-2027.nasl - Type : ACT_GATHER_INFO
2006-12-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-156.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1164.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 114137-10
File : solaris9_x86_114137.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 113575-11
File : solaris9_113575.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

BID http://www.securityfocus.com/bid/19714
CONFIRM http://www.sendmail.org/releases/8.13.8.html
DEBIAN http://www.debian.org/security/2006/dsa-1164
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
OPENBSD http://www.openbsd.org/errata.html#sendmail3
SECTRACK http://securitytracker.com/id?1016753
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
SUSE http://www.novell.com/linux/security/advisories/2006_21_sr.html
VIM http://www.attrition.org/pipermail/vim/2006-August/000999.html
VUPEN http://www.vupen.com/english/advisories/2006/3393

Alert History

2016-06-28 15:56:10
  • Multiple Updates
2016-04-26 15:00:52
  • Multiple Updates
2014-02-17 10:37:06
  • Multiple Updates
2013-05-11 11:07:45
  • Multiple Updates