* 3APA3A <3APA3A@xxxxxxxxxxxxxxxx> [2006-06-15 12:14:13 +0400]:
> Dear security@xxxxxxxxxxxx,
>
> smc> References:
>
> smc> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
>
> Description Unspecified vulnerability in HP Tru64 UNIX 4.0F PK8 up to
> 5.1B-3 and HP Internet Express for Tru64 UNIX 6.3 through 6.5, when
> running Sendmail, might allow remote attackers to cause a denial of
> service or execute arbitrary code. NOTE: as of 20060607, due to the lack
> of details, it is not publicly known whether this issue is within
> Sendmail itself, and/or if it is specific to HP.
>
> smc> http://www.cert.org/advisories/146718
>
> Error 404.
>
> www.sendmail.org
>
> Recent News
>
> * Sendmail 8.13.7 is available (2006-06-14); it contains a fix for a
> potential denial of service problem caused by excessive recursion which leads
> to stack exhaustion when attempting delivery of a malformed MIME message.
>
> Does Somebody have details?
No, but if you find some, please share. =) The details received from
CERT were sketchy, and none of the other referenced docs had much more
info. Looking at the patch, it looks like it's a mime-nesting issue,
but doesn't really indicate how deep the nesting has to be to trigger
the crash.
The CVE entry should probably be updated as the problem is definitely in
sendmail, and AFAIK it's just a regular DoS as sendmail will crash on a
message with deeply-nested mime messages. I don't see anything in there
that makes me believe there could be the execution of arbitrary code
(but I could be wrong on that point).
--
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
:: Annvix - Secure Linux Server: http://annvix.org/ ::
Attachment:
pgptpvkMI8ggF.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/