NVD脆弱性詳細

CVE-2006-1173

概要	Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
公表日	2006年6月8日8:06
登録日	2021年1月29日15:33
最終更新日	2018年10月19日1:31

CVSS2.0 : MEDIUM
スコア	5.0
ベクター	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:sendmail:sendmail:8.8.8:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.10:::::::*
cpe:2.3:a:sendmail:sendmail:8.10.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.10.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.4:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.5:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.6:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.7:::::::*
cpe:2.3:a:sendmail:sendmail:8.12:beta10::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta12::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta16::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta5::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta7::::::
cpe:2.3:a:sendmail:sendmail:8.12.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.4:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.5:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.6:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.7:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.8:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.9:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.10:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.11:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.1.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.4:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.5:::::::*
cpe:2.3:a:sendmail:sendmail::::::::		8.13.6

関連情報、対策とツール

No	URL	refsource	タグ
1	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc	FREEBSD
2	ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P	SGI
3	ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc	SGI
4	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635	HP
5	http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html	SUSE
6	http://secunia.com/advisories/15779	SECUNIA	Patch Vendor Advisory
7	http://secunia.com/advisories/20473	SECUNIA	Patch Vendor Advisory
8	http://secunia.com/advisories/20641	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/20650	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/20651	SECUNIA	Vendor Advisory
11	http://secunia.com/advisories/20654	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/20673	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/20675	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/20679	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/20683	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/20684	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/20694	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/20726	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/20782	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/21042	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/21160	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/21327	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/21612	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/21647	SECUNIA	Vendor Advisory
25	http://securitytracker.com/id?1016295	SECTRACK
26	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382	SLACKWARE
27	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1	SUNALERT	Patch Vendor Advisory
28	http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm	CONFIRM
29	http://www.debian.org/security/2006/dsa-1155	DEBIAN
30	http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html	CONFIRM
31	http://www.f-secure.com/security/fsc-2006-5.shtml	CONFIRM
32	http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml	GENTOO
33	http://www.kb.cert.org/vuls/id/146718	CERT-VN	Third Party Advisory US Government Resource
34	http://www.mandriva.com/security/advisories?name=MDKSA-2006:104	MANDRIVA
35	http://www.openbsd.org/errata38.html#sendmail2	OPENBSD
36	http://www.osvdb.org/26197	OSVDB
37	http://www.redhat.com/support/errata/RHSA-2006-0515.html	REDHAT
38	http://www.securityfocus.com/archive/1/437928/100/0/threaded	BUGTRAQ
39	http://www.securityfocus.com/archive/1/438241/100/0/threaded	BUGTRAQ
40	http://www.securityfocus.com/archive/1/438330/100/0/threaded	BUGTRAQ
41	http://www.securityfocus.com/archive/1/440744/100/0/threaded	BUGTRAQ
42	http://www.securityfocus.com/archive/1/442939/100/0/threaded	HP
43	http://www.securityfocus.com/bid/18433	BID	Patch
44	http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc	CONFIRM	Patch Vendor Advisory
45	http://www.vupen.com/english/advisories/2006/2189	VUPEN
46	http://www.vupen.com/english/advisories/2006/2351	VUPEN
47	http://www.vupen.com/english/advisories/2006/2388	VUPEN
48	http://www.vupen.com/english/advisories/2006/2389	VUPEN	Vendor Advisory
49	http://www.vupen.com/english/advisories/2006/2390	VUPEN
50	http://www.vupen.com/english/advisories/2006/2798	VUPEN
51	http://www.vupen.com/english/advisories/2006/3135	VUPEN
52	http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only	AIXAPAR
53	http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only	AIXAPAR
54	https://exchange.xforce.ibmcloud.com/vulnerabilities/27128	XF
55	https://issues.rpath.com/browse/RPL-526	CONFIRM
56	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253	OVAL

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

構成1	以上	以下	より上	未満
cpe:2.3:a:sendmail:sendmail:8.8.8:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.9.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.10:::::::*
cpe:2.3:a:sendmail:sendmail:8.10.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.10.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.4:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.5:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.6:::::::*
cpe:2.3:a:sendmail:sendmail:8.11.7:::::::*
cpe:2.3:a:sendmail:sendmail:8.12:beta10::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta12::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta16::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta5::::::
cpe:2.3:a:sendmail:sendmail:8.12:beta7::::::
cpe:2.3:a:sendmail:sendmail:8.12.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.4:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.5:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.6:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.7:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.8:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.9:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.10:::::::*
cpe:2.3:a:sendmail:sendmail:8.12.11:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.0:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.1:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.1.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.2:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.3:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.4:::::::*
cpe:2.3:a:sendmail:sendmail:8.13.5:::::::*
cpe:2.3:a:sendmail:sendmail::::::::		8.13.6