CVE-2006-4434: Use After Free
First published: Tue Aug 29 2006(Updated: )
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sendmail | <8.13.8 | |
| Sendmail | =8.9.2 | |
| Sendmail | =8.12.11 | |
| Sendmail | =8.11.4 | |
| Sendmail | =8.13.4 | |
| Sendmail | =8.8.8 | |
| Sendmail | =8.11.7 | |
| Sendmail | =8.12-beta16 | |
| Sendmail | =8.11.1 | |
| Sendmail | =8.11.0 | |
| Sendmail | =8.13.5 | |
| Sendmail | =8.12.3 | |
| Sendmail | =8.11.3 | |
| Sendmail | =8.12.8 | |
| Sendmail | =5.59 | |
| Sendmail | =5.61 | |
| Sendmail | =8.12.9 | |
| Sendmail | =8.9.1 | |
| Sendmail | =8.10.2 | |
| Sendmail | =8.12.4 | |
| Sendmail | =8.12-beta12 | |
| Sendmail | =8.13.6 | |
| Sendmail | =8.9.0 | |
| Sendmail | =8.10.1 | |
| Sendmail | =8.12.1 | |
| Sendmail | =8.13.7 | |
| Sendmail | =5.65 | |
| Sendmail | =4.55 | |
| Sendmail | =8.11.6 | |
| Sendmail | =8.12.5 | |
| Sendmail | =8.10 | |
| Sendmail | =8.12-beta7 | |
| Sendmail | =8.9.3 | |
| Sendmail | =8.12.0 | |
| Sendmail | =4.1 | |
| Sendmail | =8.12-beta5 | |
| Sendmail | =8.12.6 | |
| Sendmail | =8.12-beta10 | |
| Sendmail | =8.12.2 | |
| Sendmail | =8.11.2 | |
| Sendmail | =8.12.7 | |
| Sendmail | =8.12.10 | |
| Sendmail | =8.11.5 | |
| Sendmail | =8.13.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.sendmail.org/releases/8.13.8.html
- http://www.openbsd.org/errata38.html#sendmail3
- http://www.openbsd.org/errata.html#sendmail3
- http://www.securityfocus.com/bid/19714
- http://securitytracker.com/id?1016753
- http://secunia.com/advisories/21637
- http://secunia.com/advisories/21641
- http://www.debian.org/security/2006/dsa-1164
- http://www.attrition.org/pipermail/vim/2006-August/000999.html
- http://secunia.com/advisories/21696
- http://secunia.com/advisories/21700
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://www.osvdb.org/28193
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
- http://secunia.com/advisories/22369
- http://secunia.com/advisories/21749
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
- http://www.vupen.com/english/advisories/2006/3994
- http://www.vupen.com/english/advisories/2006/3393
Frequently Asked Questions
What is the severity of CVE-2006-4434?
CVE-2006-4434 has been assessed as a denial of service vulnerability, which can lead to a crash of the Sendmail service.
How do I fix CVE-2006-4434?
To address CVE-2006-4434, you should upgrade Sendmail to version 8.13.8 or later.
What versions of Sendmail are affected by CVE-2006-4434?
CVE-2006-4434 affects Sendmail versions prior to 8.13.8, including 8.13.7, 8.13.6, and earlier versions.
Can CVE-2006-4434 be exploited remotely?
Yes, CVE-2006-4434 can be exploited remotely, allowing attackers to send specially crafted header lines to trigger the vulnerability.
What happens if I do not address CVE-2006-4434?
If CVE-2006-4434 is not addressed, it may leave your Sendmail service vulnerable to crashes and disrupt email communications.
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/author
- vendor/sendmail
- canonical/sendmail
- version/sendmail/8.9.2
- version/sendmail/8.12.11
- version/sendmail/8.11.4
- version/sendmail/8.13.4
- version/sendmail/8.8.8
- version/sendmail/8.11.7
- version/sendmail/8.12-beta16
- version/sendmail/8.11.1
- version/sendmail/8.11.0
- version/sendmail/8.13.5
- version/sendmail/8.12.3
- version/sendmail/8.11.3
- version/sendmail/8.12.8
- version/sendmail/5.59
- version/sendmail/5.61
- version/sendmail/8.12.9
- version/sendmail/8.9.1
- version/sendmail/8.10.2
- version/sendmail/8.12.4
- version/sendmail/8.12-beta12
- version/sendmail/8.13.6
- version/sendmail/8.9.0
- version/sendmail/8.10.1
- version/sendmail/8.12.1
- version/sendmail/8.13.7
- version/sendmail/5.65
- version/sendmail/4.55
- version/sendmail/8.11.6
- version/sendmail/8.12.5
- version/sendmail/8.10
- version/sendmail/8.12-beta7
- version/sendmail/8.9.3
- version/sendmail/8.12.0
- version/sendmail/4.1
- version/sendmail/8.12-beta5
- version/sendmail/8.12.6
- version/sendmail/8.12-beta10
- version/sendmail/8.12.2
- version/sendmail/8.11.2
- version/sendmail/8.12.7
- version/sendmail/8.12.10
- version/sendmail/8.11.5
- version/sendmail/8.13.3