CVE-2006-4434

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Vulnerabilidad Utilizar-tras-liberar en Sendmail versiones anteriores a 8.13.8, permite a atacantes remotos provocar una denegación de servicio (crash) mediante una "header line" larga, que provoca que una variable liberada anteriormente sea referenciada.
NOTa: El desarrollador original ha impugnado la severidad de esta vulnerabilidad diciendo "La única denegación de servicio posible aquí, es llenar el disco con volcados de memoria si el Sistema Operativo genera diferentes volcados de memoria (que es improbable)... el error reside en el código de apagado (finis()) que conduce directamente a exit(3), en este caso, el proceso terminaría de todas formas, no afecta a la distribución ni recepción de correo".

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-08-28 CVE Reserved
2006-08-29 CVE Published
2024-02-16 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (19)

URL	Tag	Source
http://www.attrition.org/pipermail/vim/2006-August/000999.html	Mailing List
http://www.osvdb.org/28193	Broken Link
http://www.sendmail.org/releases/8.13.8.html	Release Notes

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/21637	2024-02-15
http://secunia.com/advisories/21641	2024-02-15
http://securitytracker.com/id?1016753	2024-02-15
http://www.securityfocus.com/bid/19714	2024-02-15

URL	Date	SRC
http://secunia.com/advisories/21696	2024-02-15
http://secunia.com/advisories/21700	2024-02-15
http://secunia.com/advisories/21749	2024-02-15
http://secunia.com/advisories/22369	2024-02-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1	2024-02-15
http://www.debian.org/security/2006/dsa-1164	2024-02-15
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156	2024-02-15
http://www.novell.com/linux/security/advisories/2006_21_sr.html	2024-02-15
http://www.openbsd.org/errata.html#sendmail3	2024-02-15
http://www.openbsd.org/errata38.html#sendmail3	2024-02-15
http://www.vupen.com/english/advisories/2006/3393	2024-02-15
http://www.vupen.com/english/advisories/2006/3994	2024-02-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sendmail Search vendor "Sendmail"		Sendmail Search vendor "Sendmail" for product "Sendmail"				< 8.13.8 Search vendor "Sendmail" for product "Sendmail" and version " < 8.13.8"		-		Affected