Vulnerability Details : CVE-2006-4434
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected."
Vulnerability category: Memory Corruption; Denial of service
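The description above fixes the affected range as "Sendmail before 8.13.8". The following is an added example (not code from cvedetails.com, NVD or the Sendmail project) that triages SMTP greeting banners against that threshold; the banner strings, hostnames and dates are constructed. It assumes the default Sendmail greeting format "220 host ESMTP Sendmail <MTA version>/<config version>; date".

```python
# Triage SMTP greeting banners against the range named in the description
# above (Sendmail before 8.13.8). Constructed example: not code from
# cvedetails.com or the Sendmail project; the banners below are made up.
import re

FIXED_IN = (8, 13, 8)  # first release carrying the fix (Sendmail 8.13.8 release notes)

# Default sendmail greeting: "220 <host> ESMTP Sendmail <MTA ver>/<config ver>; <date>"
# The first version is the binary; the second is the .cf/.mc version and does
# not matter here. Vendor suffixes such as "/Debian-3" follow the config version.
BANNER_RE = re.compile(r"\bSendmail\s+(\d+)\.(\d+)\.(\d+)")


def sendmail_version(banner):
    """MTA version as an int tuple, or None when the banner is not Sendmail's
    or the version has been hidden (e.g. a custom SmtpGreetingMessage)."""
    m = BANNER_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def banner_suggests_vulnerable(banner):
    """True when the banner advertises a version below 8.13.8.

    Compare int tuples, not strings: as strings "8.9.3" sorts after "8.13.8"
    and a pre-fix release would be missed. A True result is only a lead:
    distributions backport fixes without changing the advertised version,
    so confirm against the vendor's package changelog before reporting."""
    v = sendmail_version(banner)
    return v is not None and v < FIXED_IN


def triage(banners):
    """[(banner, version_or_None, flagged), ...] for a batch of scan results."""
    return [(b, sendmail_version(b), banner_suggests_vulnerable(b)) for b in banners]


# Constructed banners (hostnames and dates are invented for this example).
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Sendmail 8.13.7/8.13.7; Mon, 28 Aug 2006 10:00:00 -0400",
    "220 mx2.example.test ESMTP Sendmail 8.13.8/8.13.8/Debian-3; Mon, 28 Aug 2006 10:00:00 -0400",
    "220 mx3.example.test ESMTP Sendmail 8.9.3/8.9.3; Mon, 28 Aug 2006 10:00:00 -0400",
    "220 mx4.example.test ESMTP Sendmail 8.14.4/8.14.4; Mon, 28 Aug 2006 10:00:00 -0400",
    "220 mx5.example.test ESMTP Postfix",
    "220 mx6.example.test ESMTP",  # Sendmail with the version stripped from the greeting
]

if __name__ == "__main__":
    for banner, version, flagged in triage(SAMPLE_BANNERS):
        print(f"{'FLAG' if flagged else '  ok'}  {version}  {banner[:48]}")
```

A banner with no version (mx6) is reported as unknown rather than safe; a scanner that treats "no match" as "not vulnerable" silently drops exactly the hosts whose administrators hardened the greeting.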
Threat overview for CVE-2006-4434
- Top countries where our scanners detected CVE-2006-4434: (chart not captured)
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2006-4434: 210
- Threat actors abusing this issue? Yes

Source: SecurityScorecard attack surface intelligence.
Exploit prediction scoring system (EPSS) score for CVE-2006-4434
- Probability of exploitation activity in the next 30 days: 27.44%
- Percentile (proportion of vulnerabilities scored at or below this one): ~97%
CVSS scores for CVE-2006-4434

Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST
CWE ids for CVE-2006-4434
- (CWE id not captured) Assigned by: nvd@nist.gov (Primary)
- Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-4434
- Red Hat (2006-08-30): This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue.
References for CVE-2006-4434
- http://securitytracker.com/id?1016753 (Patch; Third Party Advisory; VDB Entry; broken link)
- http://secunia.com/advisories/22369 (Vendor Advisory; broken link)
- http://www.openbsd.org/errata38.html#sendmail3 - OpenBSD 3.8 Errata (Third Party Advisory)
- http://www.vupen.com/english/advisories/2006/3994 (Vendor Advisory; broken link)
- http://www.osvdb.org/28193 (broken link)
- http://www.debian.org/security/2006/dsa-1164 (broken link)
- http://secunia.com/advisories/21749 (Vendor Advisory; broken link)
- http://www.openbsd.org/errata.html#sendmail3 - OpenBSD: Errata and Patches (Release Notes)
- http://secunia.com/advisories/21696 (Vendor Advisory; broken link)
- http://www.novell.com/linux/security/advisories/2006_21_sr.html (broken link)
- http://www.attrition.org/pipermail/vim/2006-August/000999.html - [VIM] Sendmail vendor dispute - CVE-2006-4434 (fwd) (Mailing List)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:156 (broken link)
- http://www.sendmail.org/releases/8.13.8.html - Sendmail 8.13.8 release notes (Release Notes)
- http://secunia.com/advisories/21700 (Vendor Advisory; broken link)
- http://www.securityfocus.com/bid/19714 (Patch; Third Party Advisory; VDB Entry; broken link)
- http://www.vupen.com/english/advisories/2006/3393 (Vendor Advisory; broken link)
- http://secunia.com/advisories/21637 (Patch; Vendor Advisory; broken link)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1 (broken link)
- http://secunia.com/advisories/21641 (Patch; Vendor Advisory; broken link)
Products affected by CVE-2006-4434
- cpe:2.3:a:sendmail:sendmail:*:*:*:*:*:*:*:*