Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57300
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1155-2 (sendmail)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to sendmail
announced via advisory DSA 1155-2.

It turned out that the sendmail binary depends on libsasl2 (>= 2.1.19.dfsg1)
which is neither available in the stable nor in the the security archive.
This version is scheduled for the inclusion in the next update of the
stable release, though.

You'll have to download the referenced file for your architecture from
below and install it with dpkg -i.

As an alternative, temporarily adding the following line to
/etc/apt/sources.list will mitigate the problem as well:

deb http://ftp.debian.de/debian stable-proposed-updates main

Here is the original security advisory for completeness:

Frank Sheiness discovered that a MIME conversion routine in sendmail,
a powerful, efficient, and scalable mail transport agent, could be
tricked by a specially crafted mail to perform an endless recursion.

For the stable distribution (sarge) this problem has been fixed in
version 8.13.4-3sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 8.13.7-1.

We recommend that you upgrade your sendmail package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201155-2

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: BugTraq ID: 18433
Common Vulnerability Exposure (CVE) ID: CVE-2006-1173
AIX APAR: IY85415
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
AIX APAR: IY85930
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
http://www.securityfocus.com/bid/18433
Bugtraq: 20060620 Sendmail MIME DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/437928/100/0/threaded
Bugtraq: 20060624 Re: Sendmail MIME DoS vulnerability (Google Search)
http://www.securityfocus.com/archive/1/438241/100/0/threaded
http://www.securityfocus.com/archive/1/438330/100/0/threaded
Bugtraq: 20060721 rPSA-2006-0134-1 sendmail sendmail-cf (Google Search)
http://www.securityfocus.com/archive/1/440744/100/0/threaded
CERT/CC vulnerability note: VU#146718
http://www.kb.cert.org/vuls/id/146718
Debian Security Information: DSA-1155 (Google Search)
http://www.debian.org/security/2006/dsa-1155
FreeBSD Security Advisory: FreeBSD-SA-06:17.sendmail
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
HPdes Security Advisory: HPSBTU02116
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
HPdes Security Advisory: HPSBUX02124
http://www.securityfocus.com/archive/1/442939/100/0/threaded
HPdes Security Advisory: SSRT061135
HPdes Security Advisory: SSRT061159
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
OpenBSD Security Advisory: [3.8] 008: SECURITY FIX: June 15, 2006
http://www.openbsd.org/errata38.html#sendmail2
http://www.osvdb.org/26197
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253
http://www.redhat.com/support/errata/RHSA-2006-0515.html
http://securitytracker.com/id?1016295
http://secunia.com/advisories/15779
http://secunia.com/advisories/20473
http://secunia.com/advisories/20641
http://secunia.com/advisories/20650
http://secunia.com/advisories/20651
http://secunia.com/advisories/20654
http://secunia.com/advisories/20673
http://secunia.com/advisories/20675
http://secunia.com/advisories/20679
http://secunia.com/advisories/20683
http://secunia.com/advisories/20684
http://secunia.com/advisories/20694
http://secunia.com/advisories/20726
http://secunia.com/advisories/20782
http://secunia.com/advisories/21042
http://secunia.com/advisories/21160
http://secunia.com/advisories/21327
http://secunia.com/advisories/21612
http://secunia.com/advisories/21647
SGI Security Advisory: 20060601-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
SGI Security Advisory: 20060602-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
SuSE Security Announcement: SUSE-SA:2006:032 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2351
http://www.vupen.com/english/advisories/2006/2388
http://www.vupen.com/english/advisories/2006/2389
http://www.vupen.com/english/advisories/2006/2390
http://www.vupen.com/english/advisories/2006/2798
http://www.vupen.com/english/advisories/2006/3135
XForce ISS Database: sendmail-multipart-mime-dos(27128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.