Bug 184466 - CVE-2006-0058 Sendmail race condition issue
Summary: CVE-2006-0058 Sendmail race condition issue
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: sendmail
Version: 4
Hardware: All
OS: Linux
medium
urgent
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: David Lawrence
URL:
Whiteboard: source=cert,reported=20060308,embargo...
Depends On:
Blocks:
 
Reported: 2006-03-08 23:10 UTC by Josh Bressers
Modified: 2013-01-10 03:41 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-22 19:17:49 UTC
Type: ---
Embargoed:



Description Josh Bressers 2006-03-08 23:10:10 UTC
Sendmail race condition issue

CERT has reported a race condition issue in sendmail which may lead to
arbitrary remote code execution.

CERT has assigned this issue the name VU#834865

Comment 1 Josh Bressers 2006-03-08 23:18:15 UTC
attachment 125842 is the proposed patch from CERT

To quote CERT regarding this patch:

    A patch to correct this issue in sendmail versions 8.13 is provided
    below. The patch also eliminates potential integer overflows in how
    sendmail handles message headers. This patch was prepared manually by
    Sendmail and in our experience will generate warnings about
    offsets. We've discussed this with Sendmail and believe it to be
    harmless. Aside from that, CERT/CC has not verified this patch, what
    issues are corrected, and how those issues are corrected.

Comment 2 Josh Bressers 2006-03-22 15:58:02 UTC
This issue is now public:
http://www.sendmail.org/8.13.6.html

Comment 3 Matthew Miller 2006-03-22 18:51:39 UTC
This also affects FC5....

Comment 4 Fedora Update System 2006-03-22 18:54:39 UTC
sendmail-8.13.6-0.FC4.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 5 Matthew Miller 2006-03-22 18:59:14 UTC
So what about FC5?

Comment 6 Josh Bressers 2006-03-22 19:17:49 UTC
FC5 is being fixed by sendmail-8.13.6-0.FC5.1
FEDORA-2006-193

The FC5 update has been pushed; it should appear on mirrors shortly.

Comment 7 Matthew Miller 2006-03-22 19:37:47 UTC
Thanks.

