FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sendmail -- race condition vulnerability

Affected packages
8.13	<	sendmail	<	8.13.6
6.0	<=	FreeBSD	<	6.0_6
5.4	<=	FreeBSD	<	5.4_13
5.3	<=	FreeBSD	<	5.3_28
4.11	<=	FreeBSD	<	4.11_16
4.10	<=	FreeBSD	<	4.10_22

Details

VuXML ID	08ac7b8b-bb30-11da-b2fb-000e0c2e438a
Discovery	2006-03-22
Entry	2006-03-24
Modified	2006-06-09

Problem Description

A race condition has been reported to exist in the handling by sendmail of asynchronous signals.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root.

Workaround

There is no known workaround other than disabling sendmail.

References

CVE Name	CVE-2006-0058
FreeBSD Advisory	SA-06:13.sendmail

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.