Sendmail Race Condition Vulnerability

Sendmail versions prior to 8.13.6.

A race condition in Sendmail may allow a remote attacker to execute
arbitrary code.

Sendmail contains a race condition caused by the improper handling of
asynchronous signals. In particular, by forcing the SMTP server to
have an I/O timeout at exactly the correct instant, an attacker
may be able to execute arbitrary code with the privileges of the
Sendmail process.

Details, including statements from affected vendors are available in the
following Vulnerability Note:


VU#834865 - Sendmail contains a race condition




A race condition in Sendmail may allow a remote attacker to execute arbitrary code.


(CVE-2006-0058)

Please refer to the Sendmail MTA Security Vulnerability Advisory and the Sendmail version 8.13.6 release page for more information.

Impact

A remote, unauthenticated attacker could execute arbitrary code with
the privileges of the Sendmail process. If Sendmail is running as
root, the attacker could take complete control of an affected system.

Solution

Upgrade Sendmail

Sendmail version 8.13.6 has been
released to correct this issue. In addition to VU#834865, Sendmail 8.13.6 addresses other security issues and potential weaknesses in the Sendmail code.

Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5 are also available.

Appendix A. References

• US-CERT Vulnerability Note VU#834865 - http://www.kb.cert.org/vuls/id/834865
• Sendmail version 8.13.6 - http://www.sendmail.org/8.13.6.html
• Sendmail MTA Security Vulnerability Advisory - http://www.sendmail.com/company/advisory
• Sendmail version 8.12.11 Patch - ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0
• Sendmail version 8.13.5 Patch - ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0
• CVE-2006-0058 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

Feedback can be directed to the US-CERT Technical Staff

Produced by US-CERT, a government organization. Terms of use

Revision History

• March 22, 2006: Initial release
  

  Last updated