{"vuid":"VU#834865","idnumber":"834865","name":"Sendmail signal I/O race condition","keywords":["Sendmail","stack pollution","arbitrary code execution","SMTP timeout","asynchronous signals","SIG30-C","SIG32-C"],"overview":"A race condition in Sendmail may allow a remote attacker to execute arbitrary code.","clean_desc":"Sendmail Sendmail is a widely used mail transfer agent (MTA). Mail Transfer Agents (MTA) MTAs are responsible for sending an receiving email messages over the internet. They are also referred to as mail servers or SMTP servers. The Problem Sendmail contains a race condition caused by the improper handling of asynchronous signals. In particular, by forcing SMTP server to have an I/O timeout at exactly the correct instant, the attacker may be able to execute arbitrary code with the privileges of the Sendmail process. More information is available in the Sendmail version 8.13.6 release page and the Sendmail MTA Security Vulnerability Advisory. This vulnerability occurred as a result of failing to comply with recommndations SIG32-C and SIG30-C of the CERT C Programming Language Secure Coding Standard. Considerations Versions of Sendmail prior to 8.13.6 are affected.","impact":"A remote, unauthenticated attacker could execute arbitrary code with the privileges of the Sendmail process. If Sendmail is running as root, the attacker could take complete control of an affected system.","resolution":"Upgrade\nThis issue is corrected in Sendmail version 8.13.6. Patches to correct this issue in Sendmail versions 8.12.11 and 8.13.5 are also available.","workarounds":"Refer to the Sendmail MTA Security Vulnerability Advisory for steps to reduce the impact of this vulnerability","sysaffected":"","thanks":"Thanks to Sendmail Inc. for reporting this vulnerability. Sendmail credits \nInternet Security Systems\n with providing information about this issue.","author":"This document was written by Jeff Gennari.","public":["http://www.sendmail.org/8.13.6.html","http://www.sendmail.com/company/advisory","ftp://ftp.sendmail.org/pub/sendmail/8.13.5.p0","ftp://ftp.sendmail.org/pub/sendmail/8.12.11.p0","http://xforce.iss.net/xforce/alerts/id/216"],"cveids":["CVE-2006-0058"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-02-27T19:57:24Z","publicdate":"2006-03-22T00:00:00Z","datefirstpublished":"2006-03-22T16:28:52Z","dateupdated":"2011-07-22T12:42:53Z","revision":92,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"17","cam_exploitation":"8","cam_internetinfrastructure":"6","cam_population":"18","cam_impact":"19","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"19.87875","cam_scorecurrentwidelyknown":"21.8025","cam_scorecurrentwidelyknownexploited":"29.4975","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":19.87875,"vulnote":null}