Alias(es): Sendmail.Server.Response.Read.TimeOut
Release Date: Mar 23, 2006
Severity: critical
Impact: System Compromise: Remote attackers can gain control of vulnerable systems.
Description: This indicates an attack attempt to exploit a vulnerability in sendmail's setjmp(), longjmp() and sm_syslog() functions. Successful exploitation could allow remote attackers to execute arbitrary code.
Affected Products:
Sendmail version 8.13.5 and prior.
Sendmail version 8.12.11 and prior.
Sendmail Sentrion versions 1.1.
Sendmail Switch versions 2.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Switch versions 3.0.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Switch versions 3.1.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Managed MTA versions 2.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Managed MTA versions 3.0.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Managed MTA versions 3.1.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Multi-Switch versions 2.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Multi-Switch versions 3.0.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Multi-Switch versions 3.1.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Message Store/SAMS versions 1.2.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Message Store/SAMS versions 2.0.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Message Store/SAMS versions 2.1.x (Solaris, Linux, AIX, and HP-UX).
Sendmail Message Store/SAMS versions 2.2.x (Solaris, Linux, AIX, and HP-UX).
Intelligent Quarantine version 3.0 (Solaris or Linux).
Recommended Actions: Apply patch, available from the web site: http://www.sendmail.org/releases/8.13.6
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2006-0058
Reference/s:
http://www.sendmail.org/8.13.6.html
http://www.securityfocus.com/bid/17192 (BugTraq)
http://xforce.iss.net/xforce/alerts/id/216
http://www.frsirt.com/english/advisories/2006/1049 (FrSIRT)
http://news.com.com/Sendmail+flaw+opens+door+to+intruders/2100-1002_3-6052758.html?tag=nefd.top