Bug 195776 - Sendmail security flaw (ref: CVE-2006-1173): Denial of service
Sendmail security flaw (ref: CVE-2006-1173): Denial of service
Status: CLOSED DUPLICATE of bug 195775
Product: Fedora
Classification: Fedora
Component: sendmail (Show other bugs)
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Thomas Woerner
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2006-06-17 12:55 EDT by Gilbert Sebenste
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-06-19 12:03:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Gilbert Sebenste 2006-06-17 12:55:34 EDT
Description of problem: This may have gotten wiped out by the Bugzilla
hard drive crash; I didn't look close to see that it was filed only under 
Fedora Core development. My bad. Anyway...to the security flaw you've come to 
know and love:

Sendmail does not properly handle malformed multipart MIME messages. This
vulnerability may allow a remote, unauthenticated attacker to cause a
denial-of-service condition.

Version-Release number of selected component (if applicable):

Additional info:

"A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message that
could crash the sendmail process during delivery (CVE-2006-1173).  By
default on Red Hat Enterprise Linux, Sendmail is configured to only accept
connections from the local host. Therefore, only users who have configured
Sendmail to listen to remote hosts would be remotely vulnerable to this issue.
"Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue."

   * http://www.kb.cert.org/vuls/id/146718
   * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
   * Sendmail advisory "Sendmail-SA-200605-01":

How reproducible:

Steps to Reproduce:
1. See above.
Actual results:
Sendmail can be DOS'd.

Expected results:
Emails should get through and no DOS'd. Also, this version fixes
some other bugs of note, reference http://www.sendmail.org.
Comment 1 Thomas Woerner 2006-06-19 12:03:09 EDT

*** This bug has been marked as a duplicate of 195775 ***

Note You need to log in before you can comment on or make changes to this bug.