CVE-2006-0058 : Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote att

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

Published 2006-03-22 20:06:00

Updated 2025-04-03 01:03:51

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2006-0058

Sendmail » Sendmail » Version: 8.13.2
cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.13.3
cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.13.0
cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.13.1
cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.13.4
cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
Matching versions
Sendmail » Sendmail » Version: 8.13.5
cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2006-0058

Top countries where our scanners detected CVE-2006-0058

Top open port discovered on systems with this issue 80

IPs affected by CVE-2006-0058 77

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2006-0058!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2006-0058

EPSS FAQ

71.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-0058

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2006-0058

http://www.ciac.org/ciac/bulletins/q-151.shtml
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
http://www.openbsd.org/errata38.html#sendmail

OpenBSD 3.8 Errata
http://www.securityfocus.com/bid/17192
http://www.vupen.com/english/advisories/2006/1051

Site en construction
http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
http://www.osvdb.org/24037

404 Not Found
http://www.kb.cert.org/vuls/id/834865

VU#834865 - Sendmail signal I/O race condition
US Government Resource
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://secunia.com/advisories/20723

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/1072

Site en construction
http://secunia.com/advisories/19676

About Secunia Research | Flexera

CVEs referencing this url
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600

The Slackware Linux Project: Slackware Security Advisories
http://securityreason.com/securityalert/612

OpenPKG Security Advisory (sendmail) - CXSecurity.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
http://secunia.com/advisories/19450

About Secunia Research | Flexera
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074

404 Not Found
http://secunia.com/advisories/19345

About Secunia Research | Flexera
http://www.redhat.com/support/errata/RHSA-2006-0264.html

Support
Patch;Vendor Advisory
http://secunia.com/advisories/19363

About Secunia Research | Flexera
http://www.vupen.com/english/advisories/2006/2490

Site en construction

CVEs referencing this url
http://secunia.com/advisories/19533

About Secunia Research | Flexera
http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml

Sendmail: Race condition in the handling of asynchronous signals (GLSA 200603-21) — Gentoo security
http://www.f-secure.com/security/fsc-2006-2.shtml

Not found | F‑Secure
http://secunia.com/advisories/19361

About Secunia Research | Flexera
http://secunia.com/advisories/19394

About Secunia Research | Flexera
http://secunia.com/advisories/19368

About Secunia Research | Flexera
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689

404 Not Found
http://secunia.com/advisories/19532

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/19349

About Secunia Research | Flexera
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688

404 Not Found

CVEs referencing this url
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
http://www.redhat.com/support/errata/RHSA-2006-0265.html

Support
Patch;Vendor Advisory
http://www.vupen.com/english/advisories/2006/1139

Site en construction
http://www.vupen.com/english/advisories/2006/2189

Site en construction

CVEs referencing this url
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
http://secunia.com/advisories/19342

About Secunia Research | Flexera
http://www.vupen.com/english/advisories/2006/1068

Site en construction
http://www.vupen.com/english/advisories/2006/1049

Site en construction
http://secunia.com/advisories/19360

About Secunia Research | Flexera
http://secunia.com/advisories/19367

About Secunia Research | Flexera
http://www.securityfocus.com/archive/1/428656/100/0/threaded
ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P
http://secunia.com/advisories/19404

About Secunia Research | Flexera
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751

404 Not Found

CVEs referencing this url
http://securitytracker.com/id?1015801

Access Denied
http://secunia.com/advisories/19356

About Secunia Research | Flexera
http://www.mandriva.com/security/advisories?name=MDKSA-2006:058

Mandriva
http://www.vupen.com/english/advisories/2006/1529

Site en construction
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html

[SECURITY] Fedora Core 5 Update: sendmail-8.13.6-0.FC5.1
http://www.iss.net/threats/216.html
http://www.us-cert.gov/cas/techalerts/TA06-081A.html

Page Not Found | CISA
US Government Resource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
http://secunia.com/advisories/19346

About Secunia Research | Flexera
http://secunia.com/advisories/19407

About Secunia Research | Flexera
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html

[SECURITY] Fedora Core 4 Update: sendmail-8.13.6-0.FC4.1
http://secunia.com/advisories/19466

About Secunia Research | Flexera
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
http://secunia.com/advisories/19774

About Secunia Research | Flexera
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/1157

Site en construction
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html
http://www.sendmail.com/company/advisory/index.shtml

Sendmail Sentrion Open Source - Open Source Email Server | Proofpoint US
http://secunia.com/advisories/20243

About Secunia Research | Flexera
http://securityreason.com/securityalert/743

HP-UX running Sendmail, Remote Execution of Arbitrary Code - CXSecurity.com
http://www.novell.com/linux/security/advisories/2006_17_sendmail.html

404 Page Not Found | SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/24584

Sendmail signal handler timeout race condition CVE-2006-0058 Vulnerability Report
http://www.debian.org/security/2006/dsa-1015

[SECURITY] [DSA 1015-1] New sendmail packages fix arbitrary code execution
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-0058

Products affected by CVE-2006-0058

Threat overview for CVE-2006-0058

Exploit prediction scoring system (EPSS) score for CVE-2006-0058

CVSS scores for CVE-2006-0058

References for CVE-2006-0058