Vulnerability Name:

CVE-2006-4434 (CCN-28662)

Assigned:2006-08-09
Published:2006-08-09
Updated:2011-03-10
Summary:Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.
Note: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2006-4434

Source: CCN
Type: SA21637
Sendmail Long Header Denial of Service Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
21637

Source: SECUNIA
Type: Patch, Vendor Advisory
21641

Source: SECUNIA
Type: Vendor Advisory
21696

Source: SECUNIA
Type: Vendor Advisory
21700

Source: SECUNIA
Type: Vendor Advisory
21749

Source: CCN
Type: SA22369
Sun Solaris Sendmail Long Header Denial of Service

Source: SECUNIA
Type: Vendor Advisory
22369

Source: CCN
Type: SA32704
IBM AIX update for sendmail

Source: CCN
Type: SECTRACK ID: 1016753
Sendmail May Crash When Processing Mail with a Long Header

Source: SECTRACK
Type: Patch
1016753

Source: CCN
Type: Sun Alert ID: 102664
A "Use-after-free" Vulnerability in Sendmail Versions Before 8.13.8 may Allow a Denial of Service (DoS)

Source: SUNALERT
Type: UNKNOWN
102664

Source: CCN
Type: IBM APAR IZ25577
SENDMAIL VULNERABILITY (CVE-2006-4434)

Source: CCN
Type: IBM APAR IZ24183
SENDMAIL VULNERABILITY (CVE-2006-4434)

Source: CCN
Type: IBM APAR IZ25563
SENDMAIL VULNERABILITY (CVE-2006-4434)

Source: CCN
Type: IBM APAR IZ25570
SENDMAIL VULNERABILITY (CVE-2006-4434)

Source: VIM
Type: UNKNOWN
20060829 Sendmail vendor dispute - CVE-2006-4434 (fwd)

Source: DEBIAN
Type: UNKNOWN
DSA-1164

Source: DEBIAN
Type: DSA-1164
sendmail -- programming error

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:156

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:021

Source: CCN
Type: OpenBSD 3.9 errata
005: SECURITY FIX: August 25, 2006

Source: OPENBSD
Type: UNKNOWN
[3.9] 20060825 005: SECURITY FIX: August 25, 2006

Source: CCN
Type: OpenBSD 3.8 errata
010: SECURITY FIX: August 25, 2006

Source: OPENBSD
Type: UNKNOWN
[3.8] 20060825 010: SECURITY FIX: August 25, 2006

Source: OSVDB
Type: UNKNOWN
28193

Source: CCN
Type: OSVDB ID: 28193
Sendmail Header Processing Overflow DoS

Source: BID
Type: Patch
19714

Source: CCN
Type: BID-19714
Sendmail Long Header Denial Of Service Vulnerability

Source: CCN
Type: Sendmail.org
Sendmail 8.13.8

Source: CONFIRM
Type: Patch
http://www.sendmail.org/releases/8.13.8.html

Source: CCN
Type: TLSA-2006-28
sendmail denial of service attack

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3393

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3994

Source: XF
Type: UNKNOWN
sendmail-long-header-dos(28662)

Source: SUSE
Type: SUSE-SR:2006:021
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sendmail:sendmail:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:4.55:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:5.59:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:5.61:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:5.65:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:5.59:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:5.61:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:5.65:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.11:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.12.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:4.55:*:*:*:*:*:*:*
  • OR cpe:/a:sendmail:sendmail:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:ibm:aix:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.8:*:*:*:*:*:*:*
  • OR cpe:/o:openbsd:openbsd:3.9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20064434
    V
    		CVE-2006-4434
    2015-11-16
    oval:org.debian:def:1164
    V
    		programming error
    2006-08-31
    BACK
    sendmail sendmail 4.1
    sendmail sendmail 4.55
    sendmail sendmail 5.59
    sendmail sendmail 5.61
    sendmail sendmail 5.65
    sendmail sendmail 8.8.8
    sendmail sendmail 8.9.0
    sendmail sendmail 8.9.1
    sendmail sendmail 8.9.2
    sendmail sendmail 8.9.3
    sendmail sendmail 8.10
    sendmail sendmail 8.10.1
    sendmail sendmail 8.10.2
    sendmail sendmail 8.11.0
    sendmail sendmail 8.11.1
    sendmail sendmail 8.11.2
    sendmail sendmail 8.11.3
    sendmail sendmail 8.11.4
    sendmail sendmail 8.11.5
    sendmail sendmail 8.11.6
    sendmail sendmail 8.11.7
    sendmail sendmail 8.12 beta10
    sendmail sendmail 8.12 beta12
    sendmail sendmail 8.12 beta16
    sendmail sendmail 8.12 beta5
    sendmail sendmail 8.12 beta7
    sendmail sendmail 8.12.0
    sendmail sendmail 8.12.1
    sendmail sendmail 8.12.2
    sendmail sendmail 8.12.3
    sendmail sendmail 8.12.4
    sendmail sendmail 8.12.5
    sendmail sendmail 8.12.6
    sendmail sendmail 8.12.7
    sendmail sendmail 8.12.8
    sendmail sendmail 8.12.9
    sendmail sendmail 8.12.10
    sendmail sendmail 8.12.11
    sendmail sendmail 8.13.3
    sendmail sendmail 8.13.4
    sendmail sendmail 8.13.5
    sendmail sendmail 8.13.6
    sendmail sendmail 8.13.7
    sendmail sendmail 8.12.0
    sendmail sendmail 8.12.6
    sendmail sendmail 5.59
    sendmail sendmail 8.11.1
    sendmail sendmail 8.9.3
    sendmail sendmail 8.12.1
    sendmail sendmail 8.12.2
    sendmail sendmail 8.12.3
    sendmail sendmail 8.12.4
    sendmail sendmail 8.12.5
    sendmail sendmail 5.61
    sendmail sendmail 5.65
    sendmail sendmail 8.13.7
    sendmail sendmail 8.13.6
    sendmail sendmail 8.13.5
    sendmail sendmail 8.13.4
    sendmail sendmail 8.13.3
    sendmail sendmail 8.12.11
    sendmail sendmail 8.12.9
    sendmail sendmail 8.12.8
    sendmail sendmail 8.12.7
    sendmail sendmail 8.12 beta7
    sendmail sendmail 8.12 beta5
    sendmail sendmail 8.12 beta16
    sendmail sendmail 8.12 beta12
    sendmail sendmail 8.12 beta10
    sendmail sendmail 8.12.10
    sendmail sendmail 8.11.7
    sendmail sendmail 8.11.6
    sendmail sendmail 8.11.5
    sendmail sendmail 8.11.4
    sendmail sendmail 8.11.3
    sendmail sendmail 8.11.2
    sendmail sendmail 8.11.0
    sendmail sendmail 8.10.2
    sendmail sendmail 8.10.1
    sendmail sendmail 8.10
    sendmail sendmail 8.9.2
    sendmail sendmail 8.9.1
    sendmail sendmail 8.9.0
    sendmail sendmail 8.8.8
    sendmail sendmail 4.55
    sendmail sendmail 4.1
    ibm aix 6.1
    ibm aix 5.3
    mandrakesoft mandrake linux corporate server 3.0
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    mandrakesoft mandrake linux 2006
    openbsd openbsd 3.8
    openbsd openbsd 3.9
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux personal *