Description of problem:

This may have gotten wiped out by the Bugzilla hard drive crash; I didn't look closely to see that it was filed only under Fedora Core development. My bad. Anyway... to the security flaw you've come to know and love:

Sendmail does not properly handle malformed multipart MIME messages. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition.

Version-Release number of selected component (if applicable):

8.13.7

Additional info:

"A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue.

"Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue."

References:

* http://www.kb.cert.org/vuls/id/146718
* http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
* Sendmail advisory "Sendmail-SA-200605-01": http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

How reproducible:

Always

Steps to Reproduce:

1. See above.

Actual results:

Sendmail can be DOS'd.

Expected results:

Emails should get through and not be DOS'd. Also, this version fixes some other bugs of note, reference http://www.sendmail.org.

*** This bug has been marked as a duplicate of 195775 ***