Oval Definition:oval:com.redhat.rhsa:def:20060264
Revision Date:2008-03-20Version:641
Title:RHSA-2006:0264: sendmail security update (Critical)
Description:Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0058 to this issue.

By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be able to be remotely exploited by this vulnerability.

Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.
Family:unixClass:patch
Status:Reference(s):CVE-2006-0058
RHSA-2006:0264
RHSA-2006:0264-01
RHSA-2006:0264-01
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • sendmail-cf is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail-cf is signed with Red Hat master key
  • sendmail-devel is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail-devel is signed with Red Hat master key
  • sendmail-doc is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail-doc is signed with Red Hat master key
  • sendmail is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • sendmail is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail is signed with Red Hat master key
  • sendmail-devel is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-devel is signed with Red Hat master key
  • sendmail-doc is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-doc is signed with Red Hat master key
  • sendmail-cf is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-cf is signed with Red Hat master key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • sendmail is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail is signed with Red Hat master key
  • sendmail-cf is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail-cf is signed with Red Hat master key
  • sendmail-devel is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail-devel is signed with Red Hat master key
  • sendmail-doc is earlier than 0:8.12.11-4.RHEL3.4
  • AND sendmail-doc is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • sendmail is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail is signed with Red Hat master key
  • sendmail-cf is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-cf is signed with Red Hat master key
  • sendmail-devel is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-devel is signed with Red Hat master key
  • sendmail-doc is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-doc is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • sendmail is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail is signed with Red Hat redhatrelease2 key
  • sendmail-cf is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-cf is signed with Red Hat redhatrelease2 key
  • sendmail-devel is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-devel is signed with Red Hat redhatrelease2 key
  • sendmail-doc is earlier than 0:8.13.1-3.RHEL4.3
  • AND sendmail-doc is signed with Red Hat redhatrelease2 key
    • BACK