CERT-In Vulnerability Note CIVN-2006-85
Sendmail Long Header Denial of Service Vulnerability
Original Issue Date: September 02, 2006
Severity Rating: High
Systems Affected
Sendmail 8.13.7
Overview
A vulnerability has been reported in Sendmail which could be exploited by a remote attacker to cause a denial of service.
Description
A vulnerability has been reported in Sendmail due to a "use-after-free" error while processing an e-mail with an overly long header part. A remote attacker could send an e-mail with specially crafted long header lines to trigger the "use-after-free" flaw and cause the target Sendmail service to crash, leading to a denial of service.
Solution
Update to the latest version
http://www.sendmail.org/releases/8.13.8.html
Vendor Information
Sendmail.org
http://www.sendmail.org/releases/8.13.8.html
References
Original Advisory
http://www.openbsd.org/errata.html
Security Focus
http://www.securityfocus.com/bid/19714
Secunia
http://secunia.com/advisories/21637
Securitytracker
http://securitytracker.com/alerts/2006/Aug/1016753.html
CVE Name
CVE-2006-4434
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
