Vulnerability Name:

CVE-2006-0058 (CCN-24584)

Assigned:2006-03-22
Published:2006-03-22
Updated:2018-10-19
Summary:Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-06:13

Source: NETBSD
Type: UNKNOWN
NetBSD-SA2006-010

Source: SCO
Type: UNKNOWN
SCOSA-2006.24

Source: SGI
Type: UNKNOWN
20060302-01-P

Source: SGI
Type: UNKNOWN
20060401-01-U

Source: CCN
Type: SGI Security Advisory 20060401-01-U
SGI Advanced Linux Environment 3 Security Update #56

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
Race condition in sendmail

Source: MITRE
Type: CNA
CVE-2006-0058

Source: HP
Type: UNKNOWN
HPSBUX02108

Source: HP
Type: UNKNOWN
HPSBTU02116

Source: CCN
Type: RHSA-2006-0264
sendmail security update

Source: CCN
Type: RHSA-2006-0265
sendmail security update

Source: CCN
Type: SA19342
Sendmail Signal Handling Memory Corruption Vulnerability

Source: SECUNIA
Type: UNKNOWN
19342

Source: SECUNIA
Type: UNKNOWN
19345

Source: SECUNIA
Type: UNKNOWN
19346

Source: CCN
Type: SA19349
AIX sendmail Signal Handling Memory Corruption Vulnerability

Source: SECUNIA
Type: UNKNOWN
19349

Source: SECUNIA
Type: UNKNOWN
19356

Source: CCN
Type: SA19360
Sun Solaris Sendmail Signal Handling Memory Corruption

Source: SECUNIA
Type: UNKNOWN
19360

Source: SECUNIA
Type: UNKNOWN
19361

Source: SECUNIA
Type: UNKNOWN
19363

Source: SECUNIA
Type: UNKNOWN
19367

Source: SECUNIA
Type: UNKNOWN
19368

Source: SECUNIA
Type: UNKNOWN
19394

Source: CCN
Type: SA19404
Avaya Products Sendmail Signal Handling Memory Corruption

Source: SECUNIA
Type: UNKNOWN
19404

Source: SECUNIA
Type: UNKNOWN
19407

Source: CCN
Type: SA19450
F-Secure Messaging Security Gateway Sendmail Vulnerability

Source: SECUNIA
Type: UNKNOWN
19450

Source: CCN
Type: SA19466
NetBSD Sendmail Memory Corruption Vulnerability

Source: SECUNIA
Type: UNKNOWN
19466

Source: SECUNIA
Type: UNKNOWN
19532

Source: SECUNIA
Type: UNKNOWN
19533

Source: CCN
Type: SA19676
Avaya CMS / IR Sendmail Memory Corruption Vulnerability

Source: SECUNIA
Type: UNKNOWN
19676

Source: CCN
Type: SA19774
Sun Cobalt Sendmail Memory Corruption Vulnerability

Source: SECUNIA
Type: UNKNOWN
19774

Source: SECUNIA
Type: UNKNOWN
20243

Source: CCN
Type: SA20723
IBM HMC Sendmail and OpenSSH Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
20723

Source: SREASON
Type: UNKNOWN
612

Source: SREASON
Type: UNKNOWN
743

Source: CCN
Type: SECTRACK ID: 1015801
Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015801

Source: CCN
Type: SECTRACK ID: 1015807
(Sendmail.com Issues Fix) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015814
(IBM Issues Fix for AIX) Sendmail Race Condition in Signal Handler May Let Remote Users Trigger a Buffer Overflow to Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-081-01

Source: CCN
Type: Sun Alert ID: 102262
Security Vulnerability in sendmail(1M) 8.12 and 8.13.0 through 8.13.5

Source: SUNALERT
Type: UNKNOWN
102262

Source: CCN
Type: Sun Alert ID: 102324
Sun Cobalt sendmail(1M) Security Issue Involving Signal Handling Daemon

Source: SUNALERT
Type: UNKNOWN
102324

Source: SUNALERT
Type: UNKNOWN
200494

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm

Source: CCN
Type: ASA-2006-074
sendmail security update (RHSA-2006-0264 & RHSA-2006-0265)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm

Source: CCN
Type: ASA-2006-078
Sun Alert Notifications from Sun Weekly Report dated Mar 25 2006

Source: CCN
Type: ASA-2006-104
UnixWare Sendmail Arbitrary Code Execution Vulnerability (SCOSA-2006.24)

Source: AIXAPAR
Type: UNKNOWN
IY82992

Source: AIXAPAR
Type: UNKNOWN
IY82993

Source: AIXAPAR
Type: UNKNOWN
IY82994

Source: CIAC
Type: UNKNOWN
Q-151

Source: DEBIAN
Type: UNKNOWN
DSA-1015

Source: DEBIAN
Type: DSA-1015
sendmail -- programming error

Source: CONFIRM
Type: UNKNOWN
http://www.f-secure.com/security/fsc-2006-2.shtml

Source: CCN
Type: GLSA-200603-21
Sendmail: Race condition in the handling of asynchronous signals

Source: GENTOO
Type: UNKNOWN
GLSA-200603-21

Source: ISS
Type: UNKNOWN
20060322 Sendmail Remote Signal Handling Vulnerability

Source: CCN
Type: US-CERT VU#834865
Sendmail signal I/O race condition

Source: CERT-VN
Type: US Government Resource
VU#834865

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:058

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:017

Source: OPENBSD
Type: UNKNOWN
[3.8] 006: SECURITY FIX: March 25, 2006

Source: CCN
Type: OpenPKG-SA-2006.007
Sendmail

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2006.007

Source: OSVDB
Type: UNKNOWN
24037

Source: CCN
Type: OSVDB ID: 24037
Sendmail Signal Handler Race Condition Remote Overflow

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-194

Source: FEDORA
Type: UNKNOWN
FEDORA-2006-193

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0264

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0265

Source: BUGTRAQ
Type: UNKNOWN
20060322 sendmail vuln advisories (CVE-2006-0058)

Source: FEDORA
Type: UNKNOWN
FLSA:186277

Source: BID
Type: UNKNOWN
17192

Source: CCN
Type: BID-17192
Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.sendmail.com/company/advisory/index.shtml

Source: CCN
Type: Sendmail Web site
Sendmail 8.1.13

Source: CCN
Type: Slackware Security Advisory SSA:2006-081-01
sendmail

Source: CCN
Type: TLSA-2006-5
Race condition

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-081A
Sendmail Race Condition Vulnerability

Source: CERT
Type: US Government Resource
TA06-081A

Source: VUPEN
Type: UNKNOWN
ADV-2006-1049

Source: VUPEN
Type: UNKNOWN
ADV-2006-1051

Source: VUPEN
Type: UNKNOWN
ADV-2006-1068

Source: VUPEN
Type: UNKNOWN
ADV-2006-1072

Source: VUPEN
Type: UNKNOWN
ADV-2006-1139

Source: VUPEN
Type: UNKNOWN
ADV-2006-1157

Source: VUPEN
Type: UNKNOWN
ADV-2006-1529

Source: VUPEN
Type: UNKNOWN
ADV-2006-2189

Source: VUPEN
Type: UNKNOWN
ADV-2006-2490

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751

Source: CCN
Type: Internet Security Systems Protection Advisory March 22, 2006
Sendmail Remote Signal Handling Vulnerability

Source: XF
Type: UNKNOWN
smtp-timeout-bo(24584)

Source: XF
Type: UNKNOWN
smtp-timeout-bo(24584)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11074

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1689

Source: SUSE
Type: SUSE-SA:2006:017
sendmail remote code execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8:*:x86:*:*:*:*:*
  • OR cpe:/h:sun:cobalt_raq_4:*:*:*:*:*:*:*:*
  • OR cpe:/h:sun:cobalt_raq_xtr:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.5:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20060058
    V
    		CVE-2006-0058
    2015-11-16
    oval:org.mitre.oval:def:11074
    V
    		Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
    2013-04-29
    oval:org.mitre.oval:def:1689
    V
    		Sendmail setjmp longjmp bo (Red Hat Internal)
    2013-04-22
    oval:com.redhat.rhsa:def:20060264
    P
    		RHSA-2006:0264: sendmail security update (Critical)
    2008-03-20
    oval:org.debian:def:1015
    V
    		programming error
    2006-03-23
    BACK
    sendmail sendmail 8.13.0
    sendmail sendmail 8.13.1
    sendmail sendmail 8.13.2
    sendmail sendmail 8.13.3
    sendmail sendmail 8.13.4
    sendmail sendmail 8.13.5
    sendmail sendmail 8.13.5
    sendmail sendmail 8.13.4
    sendmail sendmail 8.13.3
    sendmail sendmail 8.13.2
    sendmail sendmail 8.13.1
    sendmail sendmail 8.13.0
    freebsd freebsd *
    sun solaris 8
    sun cobalt raq 4 *
    sun cobalt raq xtr *
    debian debian linux 3.0
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    slackware slackware linux 9.0
    slackware slackware linux 9.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 8
    sun solaris 9
    suse suse linux 9.1
    redhat enterprise linux 3
    slackware slackware linux 10.0
    suse suse linux 9.2
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    slackware slackware linux 10.1
    mandrakesoft mandrake multi network firewall 2.0
    sun solaris 10
    sun solaris 10
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    openpkg openpkg 2.5
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3
    sun solaris 9