QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-4434

Back to search

CVE-2006-4434

Published: Aug 29, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

VendorProductVersions

n/a

n/a

affected
n/a

References

[3.9] 20060825 005: SECURITY FIX: August 25, 2006
vendor-advisory
x_refsource_OPENBSD
1016753
vdb-entry
x_refsource_SECTRACK
21637
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3994
vdb-entry
x_refsource_VUPEN
28193
vdb-entry
x_refsource_OSVDB
21749
third-party-advisory
x_refsource_SECUNIA
21700
third-party-advisory
x_refsource_SECUNIA
DSA-1164
vendor-advisory
x_refsource_DEBIAN
21641
third-party-advisory
x_refsource_SECUNIA
ADV-2006-3393
vdb-entry
x_refsource_VUPEN
MDKSA-2006:156
vendor-advisory
x_refsource_MANDRIVA
19714
vdb-entry
x_refsource_BID
SUSE-SR:2006:021
vendor-advisory
x_refsource_SUSE
102664
vendor-advisory
x_refsource_SUNALERT
22369
third-party-advisory
x_refsource_SECUNIA
[3.8] 20060825 010: SECURITY FIX: August 25, 2006
vendor-advisory
x_refsource_OPENBSD
21696
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now