US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability

2006-03-2300:00:00

vulners.com

JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    National Cyber Alert System

             Technical Cyber Security Alert TA06-081A

Sendmail Race Condition Vulnerability

Original release date: March 22, 2006
Last revised: –
Source: US-CERT

Systems Affected

Sendmail versions prior to 8.13.6.

Overview

A race condition in Sendmail may allow a remote attacker to execute
arbitrary code.

I. Description

Sendmail contains a race condition caused by the improper handling of
asynchronous signals. In particular, by forcing the SMTP server to
have an I/O timeout at exactly the correct instant, an attacker may be
able to execute arbitrary code with the privileges of the Sendmail
process.

Details, including statements from affected vendors are available in
the following Vulnerability Note:
VU#834865 - Sendmail contains a race condition
A race condition in Sendmail may allow a remote attacker to execute
arbitrary code.
(CVE-2006-0058)

Please refer to the Sendmail MTA Security Vulnerability Advisory and
the Sendmail version 8.13.6 release page for more information.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code with
the privileges of the Sendmail process. If Sendmail is running as
root, the attacker could take complete control of an affected system.

III. Solution

Upgrade Sendmail

Sendmail version 8.13.6 has been released to correct this issue. In
addition to VU#834865, Sendmail 8.13.6 addresses other security issues
and potential weaknesses in the Sendmail code.

Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5
are also available.

Appendix A. References

 * US-CERT Vulnerability Note VU#834865 -
   &lt;http://www.kb.cert.org/vuls/id/834865&gt;

 * Sendmail version 8.13.6 - &lt;http://www.sendmail.org/8.13.6.html&gt;

 * Sendmail MTA Security Vulnerability Advisory -
   &lt;http://www.sendmail.com/company/advisory&gt;

 * Sendmail version 8.12.11 Patch -
   &lt;ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0&gt;

 * Sendmail version 8.13.5 Patch -
   &lt;ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0&gt;

 * CVE-2006-0058 -
   &lt;http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058&gt;

The most recent version of this document can be found at:

 &lt;http://www.us-cert.gov/cas/techalerts/TA06-081A.html&gt;

Feedback can be directed to US-CERT Technical Staff. Please send
email to <[email protected]> with "TA06-081A Feedback VU#834865" in the
subject.

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

Produced 2006 by US-CERT, a government organization.

 &lt;http://www.us-cert.gov/legal.html&gt;

Revision History

Mar 22, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRCGC0X0pj593lg50AQLczAf+NzjAlt+FR5QXIayFTYL3RPVXuVU8RYtp
i4a62FbF6bDQkVJZwWqusa1XCOaAk2HhIYbYHt2RDIKyXU8PlIs1VjtKCMzhfhNE
HyJfBhfCJycU0udMsoH1IorH9bves2Ubog+mLS/eGMCcgNUJ+z3P/U8KukZfeRJi
5+jGrqksuz342XlI/9vKc9x3ateUrAyS2plbWc8wzxiG/T82hO7fCxz9mnd1V6zM
Ub2iFAIpAbBhvEJOt7/IHxnmED/YaFF6JWbvWrZxXkLpcLFNKTN7j4pyX4ymqPmk
rSoSXeCb5cc2ARBCyfsLY5+i96BxV0RgfcBXbT9mRjv7die16AoTXQ==
=7/71
-----END PGP SIGNATURE-----