FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sendmail -- race condition vulnerability

Affected packages
8.13 < sendmail < 8.13.6
Affected systems
6.0 <= FreeBSD < 6.0_6
5.4 <= FreeBSD < 5.4_13
5.3 <= FreeBSD < 5.3_28
4.11 <= FreeBSD < 4.11_16
4.10 <= FreeBSD < 4.10_22

Details

VuXML ID 08ac7b8b-bb30-11da-b2fb-000e0c2e438a
Discovery 2006-03-22
Entry 2006-03-24
Modified 2006-06-09

Problem Description

A race condition has been reported in sendmail's handling of asynchronous signals.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the user running sendmail, typically root.

Workaround

There is no known workaround other than disabling sendmail.

References

CVE Name CVE-2006-0058
FreeBSD Advisory SA-06:13.sendmail