OpenPKG Security Advisory
OpenPKG-SA-2006.007
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.007 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.007 Advisory Published: 2008-07-25 12:37 UTC Issue Id (internal): OpenPKG-SI-20060322.01 Issue First Created: 2006-03-22 Issue Last Modified: 2006-12-07 Issue Revision: 07
Subject Name: Sendmail Subject Summary: Mail Transfer Agent Subject Home: http://www.sendmail.org/ Subject Versions: * <= 8.13.5 Vulnerability Id: CVE-2006-0058 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: arbitrary code execution Description: According to a vendor security advisory [0] based on research by from Mark Dowd of ISS X-Force, a vulnerability exists in the Sendmail MTA [1]. Under some specific timing conditions, the vulnerability may permit a specifically crafted attack to take over the "sendmail" MTA process, allowing remote attackers to execute commands and run arbitrary programs on the system running the MTA, affecting email delivery, or tampering with other programs and data on this system. References: [0] http://www.sendmail.com/company/advisory/index.shtml [1] http://www.sendmail.org/
Primary Package Name: sendmail Primary Package Home: http://openpkg.org/go/package/sendmail Affected Distribution: Affected Branch: Affected Package: OpenPKG Community 2.3-SOLID sendmail-8.13.3-2.3.0 OpenPKG Community 2.4-SOLID sendmail-8.13.4-2.4.0 OpenPKG Community 2.5-SOLID sendmail-8.13.5-2.5.0 OpenPKG Community CURRENT sendmail-8.13.5-20060219 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2.3-SOLID sendmail-8.13.3-2.3.1 OpenPKG Community 2.4-SOLID sendmail-8.13.4-2.4.1 OpenPKG Community 2.5-SOLID sendmail-8.13.5-2.5.1 OpenPKG Community CURRENT sendmail-8.13.6-20060322
