CVE-2006-4434

HIGH EXPLOITED

Sendmail < 8.13.8 - Use-After-Free via Long Header Line

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2006-4434 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

References (19)

Core 19
Core References
Release Notes vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata.html#sendmail3
Mailing List mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-August/000999.html
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016753
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21637
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3994
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/28193
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21749
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21700
Broken Link vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1164
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21641
Release Notes x_refsource_confirm
http://www.sendmail.org/releases/8.13.8.html
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3393
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:156
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19714
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_21_sr.html
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22369
Third Party Advisory vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata38.html#sendmail3
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21696

Scores

CVSS v3 7.5
EPSS 0.0433
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

VulnCheck KEV 2006-08-29
CWE
CWE-416
Status published
Products (1)
sendmail/sendmail < 8.13.8
Published Aug 29, 2006
Tracked Since Feb 18, 2026