Intrusion Prevention

POP3.MIME.Deep.Nesting

Description

Sendmail has a denial-of-service vulnerability because the application fails to properly handle malformed multi-part MIME messages.
An attacker can leverage this issue to crash the sendmail process.

Affected Products

Sendmail before 8.13.7

Impact

Denial of service.

Recommended Actions

Upgrade to the latest version.
HP HP-UX B.11.00
HP PHNE_34900
Sendmail 8.8.6 and 8.9.3
http://itrc.hp.com
Sendmail Consortium Sendmail 8.11.2
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.11.3
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.11.6
Fedora Legacy sendmail-8.12.11-4.22.11.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
Fedora Legacy sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
Fedora Legacy sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
Fedora Legacy sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Turbolinux sendmail-8.13.6-4.i586.rpm
Turbolinux 7 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-8.13.6-4.i586.rpm
Turbolinux sendmail-8.13.6-4.i586.rpm
Turbolinux 8 Workstation
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-8.13.6-4.i586.rpm
Turbolinux sendmail-cf-8.13.6-4.i586.rpm
Turbolinux 7 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-cf-8.13.6-4.i586.rpm
Turbolinux sendmail-cf-8.13.6-4.i586.rpm
Turbolinux 8 Workstation
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-cf-8.13.6-4.i586.rpm
Turbolinux sendmail-doc-8.13.6-4.i586.rpm
Turbolinux 7 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-doc-8.13.6-4.i586.rpm
Turbolinux sendmail-doc-8.13.6-4.i586.rpm
Turbolinux 8 Workstation
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-doc-8.13.6-4.i586.rpm
Sendmail Consortium Sendmail 8.11.7
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.12 beta5
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.12.1
Mandriva sendmail-8.12.11-1.2.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download
Mandriva sendmail-8.12.11-1.2.M20mdk.src.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download
Mandriva sendmail-cf-8.12.11-1.2.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Turbolinux sendmail-8.12.10-7.i586.rpm
Turbolinux Appliance Server 1.0 Hosting Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux sendmail-8.12.10-7.i586.rpm
Turbolinux Appliance Server 1.0 Workgroup Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux sendmail-cf-8.12.10-7.i586.rpm
Turbolinux Appliance Server 1.0 Hosting Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux sendmail-cf-8.12.10-7.i586.rpm
Turbolinux Appliance Server 1.0 Workgroup Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux sendmail-doc-8.12.10-7.i586.rpm
Turbolinux Appliance Server 1.0 Hosting Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux sendmail-doc-8.12.10-7.i586.rpm
Turbolinux Appliance Server 1.0 Workgroup Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Sendmail Consortium Sendmail 8.12.11
Fedora Legacy sendmail-8.12.11-4.26.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.1.legacy.i386.rpm
Fedora Legacy sendmail-8.13.1-4.legacy.i386.rpm
Fedora Core 3:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-8.13.1-4.legacy.i386.rpm
Fedora Legacy sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
Fedora Legacy sendmail-cf-8.13.1-4.legacy.i386.rpm
Fedora Core 3:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-cf-8.13.1-4.legacy.i386.rpm
Fedora Legacy sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
Fedora Legacy sendmail-devel-8.13.1-4.legacy.i386.rpm
Fedora Core 3:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-devel-8.13.1-4.legacy.i386.rpm
Fedora Legacy sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm
Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm
Fedora Legacy sendmail-doc-8.13.1-4.legacy.i386.rpm
Fedora Core 3:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-doc-8.13.1-4.legacy.i386.rpm
Mandriva sendmail-8.12.11-1.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-8.12.11-1.2.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-8.12.11-1.2.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-cf-8.12.11-1.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-cf-8.12.11-1.2.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-devel-8.12.11-1.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-devel-8.12.11-1.2.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-doc-8.12.11-1.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva sendmail-doc-8.12.11-1.2.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.12.4
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.12.7
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.12.8
Fedora Legacy sendmail-8.12.11-4.24.4.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-8.12.11-4.24.4.legacy.i386.rpm
Fedora Legacy sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
Fedora Legacy sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
Fedora Legacy sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm
Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.12.9
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.13.5
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.9.2
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
Sendmail Consortium Sendmail 8.9.3
Sendmail Consortium sendmail.8.13.7.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz

CVE References

CVE-2006-1173