The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Sendmail: denial of service at session end (use-after-free in finis())

Synthesis of the vulnerability 

An attacker can create a malicious message stopping Sendmail.
Vulnerable products: Debian, AIX, Mandriva Linux, Mandriva NF, OpenBSD, openSUSE, Solaris, Sendmail, TurboLinux.
Severity of this weakness: 1/4.
Creation date: 28/08/2006.
Revision date: 30/08/2006.
References of this bulletin: 102664, 6458595, BID-19714, CERTA-2006-AVI-378, CVE-2006-4434, DSA-1164-1, IZ25577, MDKSA-2006:156, SUSE-SR:2006:021, TLSA-2006-28, VIGILANCE-VUL-6126.

Description of the vulnerability 

The finis() function terminates a Sendmail session once processing of a message is over.

When a message contains long header lines, this function still uses the CurEnv->e_to pointer after the memory it points to has been freed (a use-after-free). Dereferencing the freed memory crashes the process.

An attacker can therefore create a malicious message in order to stop Sendmail. As this error occurs at session end, its impact is small.
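The following C program is an added illustration of the bug class the bulletin describes; it is not Sendmail's code and does not reproduce the actual finis() logic. It models an envelope whose recipient pointer (named e_to after the field in the bulletin) is freed while an over-long header line is handled, and contrasts the buggy path, which leaves the pointer dangling for the teardown routine to use, with the hardened path, which clears the pointer at the point of the free. The header-length limit, the recipient address, the e_to_freed bookkeeping flag and the function names are all constructed for the demo:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

/* Constructed header-length limit for the demo; not Sendmail's real value. */
#define DEMO_MAX_HDR_LEN 64

/* Stripped-down stand-in for Sendmail's envelope (the real struct is far larger). */
struct envelope {
    char *e_to;        /* recipient list, heap allocated */
    bool  e_to_freed;  /* demo-only bookkeeping: lets teardown detect a dangling
                          e_to without actually dereferencing freed memory */
};

static struct envelope *envelope_new(const char *rcpt) {
    struct envelope *e = calloc(1, sizeof *e);
    if (e == NULL) return NULL;
    e->e_to = malloc(strlen(rcpt) + 1);
    if (e->e_to == NULL) { free(e); return NULL; }
    strcpy(e->e_to, rcpt);
    return e;
}

/* Vulnerable pattern: an over-long header line makes this path release the
   recipient buffer but leaves the pointer stored in the envelope untouched. */
static void process_header_buggy(struct envelope *e, const char *hdr) {
    if (strlen(hdr) > DEMO_MAX_HDR_LEN) {
        free(e->e_to);
        e->e_to_freed = true;      /* e->e_to is now dangling */
    }
}

/* Hardened pattern: clear the pointer in the same place it is freed, so any
   later reader sees NULL instead of a stale address. */
static void process_header_fixed(struct envelope *e, const char *hdr) {
    if (strlen(hdr) > DEMO_MAX_HDR_LEN) {
        free(e->e_to);
        e->e_to = NULL;
        e->e_to_freed = true;
    }
}

/* Session teardown, in the role of finis(). Returns 0 for a clean finish and
   1 where real code would have dereferenced freed memory and crashed. */
static int finis_demo(const struct envelope *e) {
    if (e->e_to == NULL)
        return 0;                  /* fixed path: nothing left to report */
    if (e->e_to_freed)
        return 1;                  /* buggy path: use-after-free */
    printf("finis: final notification for %s\n", e->e_to);
    return 0;
}

/* Runs one message through the buggy or fixed header handler, with a header
   line of hdr_len 'X' characters, and reports what teardown would have done. */
int run_scenario(bool fixed, size_t hdr_len) {
    struct envelope *e = envelope_new("rcpt@example.invalid");  /* constructed */
    if (e == NULL) return -1;
    char *hdr = malloc(hdr_len + 1);
    if (hdr == NULL) { free(e->e_to); free(e); return -1; }
    memset(hdr, 'X', hdr_len);
    hdr[hdr_len] = '\0';

    if (fixed) process_header_fixed(e, hdr);
    else       process_header_buggy(e, hdr);

    int rc = finis_demo(e);

    if (!e->e_to_freed) free(e->e_to);  /* only release what is still live */
    free(e);
    free(hdr);
    return rc;
}

int main(void) {
    printf("short header, buggy code : %d\n", run_scenario(false, 16));
    printf("long header,  buggy code : %d  (1 = would crash)\n", run_scenario(false, 200));
    printf("long header,  fixed code : %d\n", run_scenario(true, 200));
    return 0;
}
```

The e_to_freed flag exists only so the demo can report the dangling state safely; if you delete the flag check in finis_demo and build with -fsanitize=address, the buggy path is reported as a heap-use-after-free at the printf, which is the real-world shape of the crash. The fix is the usual one for this class: null the pointer where it is freed, and have every later consumer treat NULL as "nothing to do".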

This security announcement affects software and systems such as Debian, AIX, Mandriva Linux, Mandriva NF, OpenBSD, openSUSE, Solaris, Sendmail, TurboLinux.

Our Vigil@nce team determined that the severity of this cybersecurity alert is low.

Trust level: confirmed by the vendor. Attack origin: Internet client.

An attacker with expert skill can exploit this security alert.

Solutions for this threat 

Sendmail: version 8.13.8.
Version 8.13.8 is fixed:
  http://www.sendmail.org/

AIX: APAR for Sendmail.
An APAR is available:
  IZ25577

Debian: new sendmail packages.
New packages are available:
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_amd64.deb
      Size/MD5 checksum: 296634 6bd8032a3c89d24f918c544ec87794cc
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_amd64.deb
      Size/MD5 checksum: 213268 41723080176c78d5f2cf1d5764bba131
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_amd64.deb
      Size/MD5 checksum: 225344 27729b95e621ad6fc194e45c845268c7
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_amd64.deb
      Size/MD5 checksum: 851254 4928097e8c69f01e33d29bd0e371e796
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_amd64.deb
      Size/MD5 checksum: 197736 f5e2dde229ccd6457323c6d7dc746420
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_i386.deb
      Size/MD5 checksum: 287344 23bd405e21c9de501d7e8957ed5b2eae
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_i386.deb
      Size/MD5 checksum: 211730 2edbe3c6b12742657071e43618211f97
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_i386.deb
      Size/MD5 checksum: 222522 907a59032ba64011292bbff04e001409
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_i386.deb
      Size/MD5 checksum: 812646 8dc795ba8ffc47659d95f727c20c4711
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_i386.deb
      Size/MD5 checksum: 197428 64eab16e247f5ed9af468e2e804a3e53
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_ia64.deb
      Size/MD5 checksum: 330754 6f32b98862faace5980f5a809acbdbf7
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_ia64.deb
      Size/MD5 checksum: 220496 f94e024b1d70452c6e31aae8032c80cf
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_ia64.deb
      Size/MD5 checksum: 239734 77b337f036edd22ffee5bcd26ccc53fd
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_ia64.deb
      Size/MD5 checksum: 1162690 39b68375190c0ed7b7f6ec42cc08feb3
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_ia64.deb
      Size/MD5 checksum: 199028 ac0d46969e6f38ba6ea9695ba012fb83

Mandriva: new sendmail packages.
New packages are available:
 
 Mandriva Linux 2006.0:
 a870f27eea807314c3688258eed755a5 2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.i586.rpm
 35666ba77272168154638784d3126e8a 2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.i586.rpm
 e68900de30eb26c1ad6023b6f25feda4 2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.i586.rpm
 adbdad6844cc56e002e300703dfa800f 2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.i586.rpm
 8db59bc684bf7ee7b50f8d9025aa2f99 2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm
 Mandriva Linux 2006.0/X86_64:
 1c23ae6dc8b9aad58efa1f45082bd594 x86_64/2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.x86_64.rpm
 4a4d76c56fb75c24994b0e7759033462 x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.x86_64.rpm
 15316c4ecd26d10f840a0e2e9cff0164 x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.x86_64.rpm
 31db86ce194192d535a6adbb60f86691 x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.x86_64.rpm
 8db59bc684bf7ee7b50f8d9025aa2f99 x86_64/2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm
 Corporate 3.0:
 421f3b45e01bbb9ea6dd907a60eafd21 corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.i586.rpm
 363fe7e5f501e3c638f893e3bb805889 corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.i586.rpm
 efdfae3157d77708d2fdec4fdcbd2362 corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.i586.rpm
 05d8e255ebe10729361bde038ab999ec corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.i586.rpm
 bc7577c81a324fb8c2cb4392f9039372 corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 65d846ef86d0df8d32316c79a2b9a326 x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.x86_64.rpm
 457e8e7d69b48bbeff20a54c3f01ef4d x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.x86_64.rpm
 34e7e51ef099d09b4781d79b3e05be42 x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.x86_64.rpm
 31d545ea1139af2b397a5e65d1b6c961 x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.x86_64.rpm
 bc7577c81a324fb8c2cb4392f9039372 x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm
 Multi Network Firewall 2.0:
 d4f9409b6f07b43d8d28340553a42aac mnf/2.0/RPMS/sendmail-8.12.11-1.3.M20mdk.i586.rpm
 f50c4ea50ac1f24431c7a693cc665e72 mnf/2.0/RPMS/sendmail-cf-8.12.11-1.3.M20mdk.i586.rpm
 7b141d0baf6d3c42bc88bf9aec6c3c93 mnf/2.0/SRPMS/sendmail-8.12.11-1.3.M20mdk.src.rpm

OpenBSD: patch for sendmail.
A patch is available:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/010_sendmail3.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/005_sendmail3.patch

Solaris: workaround and patch for Sendmail.
A patch is available:
  SPARC Platform
    * Solaris 9 : patch 113575-08
    * Solaris 10 : patch 125011-01
  x86 Platform
    * Solaris 9 : patch 114137-07
    * Solaris 10 : patch 125012-01
A workaround is to use coreadm (the per-process setting only lasts until sendmail is restarted):
  coreadm -p core.%f $(pgrep sendmail)

SUSE: new dovecot, openldap2, gtetrinet, ruby, sendmail, streamripper, alsaplayer packages.
New packages are available via YaST or FTP.

Turbolinux: new sendmail packages.
New packages are available:
Turbolinux Appliance Server 2.0: sendmail-8.13.1-9
Turbolinux 10 Server: sendmail-8.13.1-9
Turbolinux Appliance Server 1.0: sendmail-8.12.10-9
Turbolinux 8 Server: sendmail-8.12.10-9
Turbolinux 7 Server: sendmail-8.13.6-5
