CVE-2006-1173
UnknownEPSS 5.08%
Last modified
CVE-2006-1173 is a vulnerability of currently unknown severity. Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.. EPSS estimates a 5.08% chance of exploitation in the next 30 days.
Description
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sendmail | Sendmail | <= 8.13.6 | — |
| Sendmail | Sendmail | 8.8.8 | — |
| Sendmail | Sendmail | 8.9.0 | — |
| Sendmail | Sendmail | 8.9.1 | — |
| Sendmail | Sendmail | 8.9.2 | — |
| Sendmail | Sendmail | 8.9.3 | — |
| Sendmail | Sendmail | 8.10 | — |
| Sendmail | Sendmail | 8.10.1 | — |
| Sendmail | Sendmail | 8.10.2 | — |
| Sendmail | Sendmail | 8.11.0 | — |
| Sendmail | Sendmail | 8.11.1 | — |
| Sendmail | Sendmail | 8.11.2 | — |
| Sendmail | Sendmail | 8.11.3 | — |
| Sendmail | Sendmail | 8.11.4 | — |
| Sendmail | Sendmail | 8.11.5 | — |
| Sendmail | Sendmail | 8.11.6 | — |
| Sendmail | Sendmail | 8.11.7 | — |
| Sendmail | Sendmail | 8.12 | Beta10 |
| Sendmail | Sendmail | 8.12.0 | — |
| Sendmail | Sendmail | 8.12.1 | — |
| Sendmail | Sendmail | 8.12.2 | — |
| Sendmail | Sendmail | 8.12.3 | — |
| Sendmail | Sendmail | 8.12.4 | — |
| Sendmail | Sendmail | 8.12.5 | — |
| Sendmail | Sendmail | 8.12.6 | — |
| Sendmail | Sendmail | 8.12.7 | — |
| Sendmail | Sendmail | 8.12.8 | — |
| Sendmail | Sendmail | 8.12.9 | — |
| Sendmail | Sendmail | 8.12.10 | — |
| Sendmail | Sendmail | 8.12.11 | — |
| Sendmail | Sendmail | 8.13.0 | — |
| Sendmail | Sendmail | 8.13.1 | — |
| Sendmail | Sendmail | 8.13.1.2 | — |
| Sendmail | Sendmail | 8.13.2 | — |
| Sendmail | Sendmail | 8.13.3 | — |
| Sendmail | Sendmail | 8.13.4 | — |
| Sendmail | Sendmail | 8.13.5 | — |
References
- http://secunia.com/advisories/15779Patch, Vendor Advisory
- http://secunia.com/advisories/20473Patch, Vendor Advisory
- http://secunia.com/advisories/20641Vendor Advisory
- http://secunia.com/advisories/20650Vendor Advisory
- http://secunia.com/advisories/20651Vendor Advisory
- http://secunia.com/advisories/20654Vendor Advisory
- http://secunia.com/advisories/20673Vendor Advisory
- http://secunia.com/advisories/20675Vendor Advisory
- http://secunia.com/advisories/20679Vendor Advisory
- http://secunia.com/advisories/20683Vendor Advisory
- http://secunia.com/advisories/20684Vendor Advisory
- http://secunia.com/advisories/20694Vendor Advisory
- http://secunia.com/advisories/20726Vendor Advisory
- http://secunia.com/advisories/20782Vendor Advisory
- http://secunia.com/advisories/21042Vendor Advisory
- http://secunia.com/advisories/21160Vendor Advisory
- http://secunia.com/advisories/21327Vendor Advisory
- http://secunia.com/advisories/21612Vendor Advisory
- http://secunia.com/advisories/21647Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/146718Third Party Advisory, US Government Resource
- http://www.sendmail.com/security/advisories/SA-200605-01.txt.ascPatch, Vendor Advisory
- http://www.vupen.com/english/advisories/2006/2389Vendor Advisory
- http://secunia.com/advisories/15779Patch, Vendor Advisory
- http://secunia.com/advisories/20473Patch, Vendor Advisory
- http://secunia.com/advisories/20641Vendor Advisory
- http://secunia.com/advisories/20650Vendor Advisory
- http://secunia.com/advisories/20651Vendor Advisory
- http://secunia.com/advisories/20654Vendor Advisory
- http://secunia.com/advisories/20673Vendor Advisory
- http://secunia.com/advisories/20675Vendor Advisory
- http://secunia.com/advisories/20679Vendor Advisory
- http://secunia.com/advisories/20683Vendor Advisory
- http://secunia.com/advisories/20684Vendor Advisory
- http://secunia.com/advisories/20694Vendor Advisory
- http://secunia.com/advisories/20726Vendor Advisory
- http://secunia.com/advisories/20782Vendor Advisory
- http://secunia.com/advisories/21042Vendor Advisory
- http://secunia.com/advisories/21160Vendor Advisory
- http://secunia.com/advisories/21327Vendor Advisory
- http://secunia.com/advisories/21612Vendor Advisory
- http://secunia.com/advisories/21647Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1Patch, Vendor Advisory
- http://www.kb.cert.org/vuls/id/146718Third Party Advisory, US Government Resource
- http://www.sendmail.com/security/advisories/SA-200605-01.txt.ascPatch, Vendor Advisory
- http://www.vupen.com/english/advisories/2006/2389Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-1173?
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
How severe is CVE-2006-1173?
Severity scoring for CVE-2006-1173 is pending analysis. The EPSS model estimates a 5.08% probability of exploitation in the next 30 days.
How do I fix CVE-2006-1173?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-1173?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST