Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56945
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0515
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0515.

Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail. A remote attacker could create a carefully crafted message that
could crash the sendmail process during delivery (CVE-2006-1173). By
default on Red Hat Enterprise Linux, Sendmail is configured to only accept
connections from the local host. Therefore, only users who have configured
Sendmail to listen to remote hosts would be remotely vulnerable to this issue.

Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0515.html
http://www.kb.cert.org/vuls/id/146718
http://www.redhat.com/security/updates/classification/#important

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-1173
AIX APAR: IY85415
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
AIX APAR: IY85930
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
BugTraq ID: 18433
http://www.securityfocus.com/bid/18433
Bugtraq: 20060620 Sendmail MIME DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/437928/100/0/threaded
Bugtraq: 20060624 Re: Sendmail MIME DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/438241/100/0/threaded
http://www.securityfocus.com/archive/1/438330/100/0/threaded
Bugtraq: 20060721 rPSA-2006-0134-1 sendmail sendmail-cf (Google Search)
http://www.securityfocus.com/archive/1/440744/100/0/threaded
CERT/CC vulnerability note: VU#146718
http://www.kb.cert.org/vuls/id/146718
Debian Security Information: DSA-1155 (Google Search)
http://www.debian.org/security/2006/dsa-1155
FreeBSD Security Advisory: FreeBSD-SA-06:17.sendmail
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
HPdes Security Advisory: HPSBTU02116
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
HPdes Security Advisory: HPSBUX02124
http://www.securityfocus.com/archive/1/442939/100/0/threaded
HPdes Security Advisory: SSRT061135
HPdes Security Advisory: SSRT061159
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
OpenBSD Security Advisory: [3.8] 008: SECURITY FIX: June 15, 2006
http://www.openbsd.org/errata38.html#sendmail2
http://www.osvdb.org/26197
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253
http://www.redhat.com/support/errata/RHSA-2006-0515.html
http://securitytracker.com/id?1016295
http://secunia.com/advisories/15779
http://secunia.com/advisories/20473
http://secunia.com/advisories/20641
http://secunia.com/advisories/20650
http://secunia.com/advisories/20651
http://secunia.com/advisories/20654
http://secunia.com/advisories/20673
http://secunia.com/advisories/20675
http://secunia.com/advisories/20679
http://secunia.com/advisories/20683
http://secunia.com/advisories/20684
http://secunia.com/advisories/20694
http://secunia.com/advisories/20726
http://secunia.com/advisories/20782
http://secunia.com/advisories/21042
http://secunia.com/advisories/21160
http://secunia.com/advisories/21327
http://secunia.com/advisories/21612
http://secunia.com/advisories/21647
SGI Security Advisory: 20060601-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
SGI Security Advisory: 20060602-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
SuSE Security Announcement: SUSE-SA:2006:032 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2351
http://www.vupen.com/english/advisories/2006/2388
http://www.vupen.com/english/advisories/2006/2389
http://www.vupen.com/english/advisories/2006/2390
http://www.vupen.com/english/advisories/2006/2798
http://www.vupen.com/english/advisories/2006/3135
XForce ISS Database: sendmail-multipart-mime-dos(27128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.