CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
97.1%
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
Vendor | Product | Version | CPE |
---|---|---|---|
sendmail | sendmail | * | cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:* |
sendmail | sendmail | 8.8.8 | cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:* |
sendmail | sendmail | 8.9.0 | cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:* |
sendmail | sendmail | 8.9.1 | cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:* |
sendmail | sendmail | 8.9.2 | cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:* |
sendmail | sendmail | 8.9.3 | cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:* |
sendmail | sendmail | 8.10 | cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:* |
sendmail | sendmail | 8.10.1 | cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:* |
sendmail | sendmail | 8.10.2 | cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:* |
sendmail | sendmail | 8.11.0 | cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:* |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
secunia.com/advisories/15779
secunia.com/advisories/20473
secunia.com/advisories/20641
secunia.com/advisories/20650
secunia.com/advisories/20651
secunia.com/advisories/20654
secunia.com/advisories/20673
secunia.com/advisories/20675
secunia.com/advisories/20679
secunia.com/advisories/20683
secunia.com/advisories/20684
secunia.com/advisories/20694
secunia.com/advisories/20726
secunia.com/advisories/20782
secunia.com/advisories/21042
secunia.com/advisories/21160
secunia.com/advisories/21327
secunia.com/advisories/21612
secunia.com/advisories/21647
securitytracker.com/id?1016295
slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
support.avaya.com/elmodocs2/security/ASA-2006-148.htm
www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
www.debian.org/security/2006/dsa-1155
www.f-secure.com/security/fsc-2006-5.shtml
www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
www.gentoo.org/security/en/glsa/glsa-200606-19.xml
www.kb.cert.org/vuls/id/146718
www.mandriva.com/security/advisories?name=MDKSA-2006:104
www.openbsd.org/errata38.html#sendmail2
www.osvdb.org/26197
www.redhat.com/support/errata/RHSA-2006-0515.html
www.securityfocus.com/archive/1/437928/100/0/threaded
www.securityfocus.com/archive/1/438241/100/0/threaded
www.securityfocus.com/archive/1/438330/100/0/threaded
www.securityfocus.com/archive/1/440744/100/0/threaded
www.securityfocus.com/archive/1/442939/100/0/threaded
www.securityfocus.com/bid/18433
www.sendmail.com/security/advisories/SA-200605-01.txt.asc
www.vupen.com/english/advisories/2006/2189
www.vupen.com/english/advisories/2006/2351
www.vupen.com/english/advisories/2006/2388
www.vupen.com/english/advisories/2006/2389
www.vupen.com/english/advisories/2006/2390
www.vupen.com/english/advisories/2006/2798
www.vupen.com/english/advisories/2006/3135
exchange.xforce.ibmcloud.com/vulnerabilities/27128
issues.rpath.com/browse/RPL-526
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253