Bug 205021

Summary: Sendmail 8.13.7: CVE-2006-4434: remote DOS vulnerability
Product: [Fedora] Fedora Reporter: Gilbert Sebenste <sebenste>
Component: sendmailAssignee: Thomas Woerner <twoerner>
Status: CLOSED UPSTREAM QA Contact: David Lawrence <dkl>
Severity: urgent Docs Contact:
Priority: medium    
Version: 5   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.sendmail.org
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-01-23 09:20:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gilbert Sebenste 2006-09-02 15:13:44 UTC
Description of problem: Use-after-free vulnerability in Sendmail before 8.13.8 
allows remote attackers to cause a denial of service (crash) via a 
long "header line", which causes a previously freed variable to be referenced.

Version-Release number of selected component (if applicable): 8.13.7-2 and 
prior


How reproducible: Always


Steps to Reproduce:
1. Use sendmail!
2. Attack using flaw
3. 
  
Actual results: Sendmail processes craash on DOS.


Expected results: Sendmail shouldn't do that!


Additional info: Patch is available at www.sendmail.org.
This is in Rawhide now, but we need an update for FC4/FC5.

Comment 1 Florian La Roche 2007-01-23 09:20:53 UTC
8.13.8 seems to be pushed out

Florian La Roche