Notices

NSC-060322: Sendmail Race Condition Vulnerability

National Cyber Alert System

Technical Cyber Security Alert TA06-081A

Sendmail Race Condition Vulnerability

Original release date: March 22, 2006

Last revised: --

Source: US-CERT

Systems Affected

Sendmail versions prior to 8.13.6.

Overview

A race condition in Sendmail may allow a remote attacker to execute arbitrary code.

I. Description

Sendmail contains a race condition caused by the improper handling ofasynchronous signals. In particular, by forcing the SMTP server tohave an I/O timeout at exactly the correct instant, an attacker may beable to execute arbitrary code with the privileges of the Sendmail process.

Details, including statements from affected vendors are available inthe following Vulnerability Note:

VU#834865 - Sendmail contains a race condition

A race condition in Sendmail may allow a remote attacker to executearbitrary code.

(CVE-2006-0058)

Please refer to the Sendmail MTA Security Vulnerability Advisory andthe Sendmail version 8.13.6 release page for more information.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code withthe privileges of the Sendmail process. If Sendmail is running asroot, the attacker could take complete control of an affected system.

III. Solution

Upgrade Sendmail

Sendmail version 8.13.6 has been released to correct this issue. Inaddition to VU#834865, Sendmail 8.13.6 addresses other security issues and potential weaknesses in the Sendmail code.Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5are also available

Appendix A. References

* US-CERT Vulnerability Note VU#834865 -

<http://www.kb.cert.org/vuls/id/834865>

* Sendmail version 8.13.6 - <http://www.sendmail.org/8.13.6.html>

* Sendmail MTA Security Vulnerability Advisory -

<http://www.sendmail.com/company/advisory>

* Sendmail version 8.12.11 Patch -

<ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0>

* Sendmail version 8.13.5 Patch -

<ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0>

* CVE-2006-0058 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-081A.html>

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please sendemail to <cert@cert.org> with "TA06-081A Feedback VU#834865" in thesubject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.Terms of use:

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

Revision History

Mar 22, 2006: Initial release

UI Home | UI A-Z Search | UI Phonebook/Email | Contact Us

Copyright © The University of Iowa. All rights reserved.