Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-4434

Published: 29/08/2006 Updated: 15/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Sendmail

Vulnerability Summary

Use-after-free vulnerability in Sendmail prior to 8.13.8 allows remote malicious users to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Vulnerable Product Search on Vulmon Subscribe to Product

sendmail sendmail

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2006-4434: sendmail 8.13.8 fixes remote DoS vulnerability
Debian Bug report logs - #385054 CVE-2006-4434: sendmail 8138 fixes remote DoS vulnerability Package: sendmail; Maintainer for sendmail is Debian QA Group <packages@qadebianorg>; Source for sendmail is src:sendmail (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Mon, 28 Aug 2006 18:48:07 ...
Debian Security Advisories: DSA-1164-1 sendmail -- programming error
A programming error has been discovered in sendmail, an alternative mail transport agent for Debian, that could allow a remote attacker to crash the sendmail process by sending a specially crafted email message Please note that in order to install this update you also need libsasl2 library from proposed updates as outlined in DSA 1155-2 For the s ...

References

CWE-416http://www.sendmail.org/releases/8.13.8.htmlhttp://www.openbsd.org/errata38.html#sendmail3http://www.openbsd.org/errata.html#sendmail3http://www.securityfocus.com/bid/19714http://securitytracker.com/id?1016753http://secunia.com/advisories/21637http://secunia.com/advisories/21641http://www.debian.org/security/2006/dsa-1164http://www.attrition.org/pipermail/vim/2006-August/000999.htmlhttp://secunia.com/advisories/21696http://secunia.com/advisories/21700http://www.novell.com/linux/security/advisories/2006_21_sr.htmlhttp://www.osvdb.org/28193http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1http://secunia.com/advisories/22369http://secunia.com/advisories/21749http://www.mandriva.com/security/advisories?name=MDKSA-2006:156http://www.vupen.com/english/advisories/2006/3994http://www.vupen.com/english/advisories/2006/3393https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385054https://www.debian.org/security/./dsa-1164https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook