Sendmail Multi-Part MIME Message Handling Denial of Service vulnarability

Published: 2006-06-15
Last Updated: 2006-06-15 13:05:13 UTC
by Kevin Hong (Version: 1)
0 comment(s)

The new Sendmail vulnerability reported and is cause due to an error in the termination of the recursive "mime8to7()" function when performing MIME conversions. It can be exploited to cause a certain sendmail process to crash when it runs out of stack space while processing a deeply nested malformed MIME message. It can be exploited by malicious people to cause a DoS (Denial of Service). You can apply patch or upgrade to 8.13.7 version.

Affected Version : 8.13.6 and prior.


The additional vulnerability information can be found following sites.
http://www.sendmail.org/releases/8.13.7.html
http://www.kb.cert.org/vuls/id/146718

Keywords:
0 comment(s)

Comments


Diary Archives