Sendmail Asynchronous Signal Handling Vulnerability
Sendmail 8.13.x versions before 8.13.6 contain a race condition vulnerability. It is caused by the "setjmp()", "longjmp()" and "sm_syslog()" functions, which do not properly handle certain asynchronous signals. A remote unauthenticated attacker could send specially crafted requests at certain time intervals to the SMTP port, and the flaw could be exploited by remote attackers or network worms to take complete control of an affected system.
The DragonSoft Security Team recommends that Unix users upgrade to Sendmail version 8.13.6.
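The advisory ties the flaw to how setjmp(), longjmp() and a logging routine interact with asynchronous signals. The following added example (not Sendmail source and not DragonSoft's code; all names and the SIGALRM test signal are assumptions) shows the defensive pattern for this bug class: the handler only sets a flag, and the interrupted update finishes before the main path reacts.

```c
#include <signal.h>
#include <string.h>

/* All names are hypothetical; this is not Sendmail source code. */
static volatile sig_atomic_t timed_out;   /* the only object the handler touches */

/* Async-signal-safe handler: record the event and return. It calls neither
 * longjmp() nor a logging routine, so the interrupted code resumes intact. */
static void on_alarm(int signo) { (void)signo; timed_out = 1; }

struct outq { char line[8][32]; int count; };

/* Two-step update. A handler that jumped away between the steps would leave
 * line[] and count inconsistent. fire_here raises a constructed SIGALRM at
 * exactly that point to show the update still completes. */
static void enqueue(struct outq *q, const char *s, int fire_here) {
    strncpy(q->line[q->count], s, sizeof q->line[0] - 1);
    q->line[q->count][sizeof q->line[0] - 1] = '\0';
    if (fire_here) raise(SIGALRM);        /* signal lands mid-update */
    q->count++;                           /* still runs: the handler returned */
}

/* Queue up to n lines, stopping at the first safe point after the flag is
 * set. fire_at is the index that receives the test signal (-1 for none).
 * Returns the number of fully committed lines, or -1 on setup failure. */
int queue_lines(struct outq *q, const char *const *in, int n, int fire_at) {
    /* ISO C signal() keeps the example portable; sigaction() is usual on POSIX. */
    void (*old)(int) = signal(SIGALRM, on_alarm);
    if (old == SIG_ERR) return -1;
    if (n > 8) n = 8;
    timed_out = 0;
    q->count = 0;
    for (int i = 0; i < n && !timed_out; i++)
        enqueue(q, in[i], i == fire_at);
    signal(SIGALRM, old);                 /* restore the previous disposition */
    /* Logging and cleanup belong here, in normal context, not in on_alarm(). */
    return q->count;
}

int main(void) {
    const char *in[] = { "line one", "line two", "line three" };  /* constructed */
    struct outq q;
    return queue_lines(&q, in, 3, 1) == 2 ? 0 : 1;
}
```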
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan of network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, system security management and intrusion prevention.
Tel. +886-3-5630989 Fax. +886-3-5797758
6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300. R.O.C
Copyright © DragonSoft Security Associates, Inc. All Rights Reserved