FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sendmail -- Incorrect multipart message handling

Affected packages
4.11 <= FreeBSD < 4.11_19
5.3 <= FreeBSD < 5.3_31
5.4 <= FreeBSD < 5.4_16
5.5 <= FreeBSD < 5.5_2
6.0 <= FreeBSD < 6.0_9
6.1 <= FreeBSD < 6.1_2


VuXML ID c611be81-fbc2-11da-9156-000e0c2e438a
Discovery 2006-06-14
Entry 2006-06-14

Problem Description

A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage.


An attacker able to send mail to, or via, a server can cause queued messages on the system to not be delivered, by causing the sendmail process which handles queued messages to crash. Note that this will not stop new messages from entering the queue (either from local processes, or incoming via SMTP).


No workaround is available, but systems which do not receive email from untrusted sources are not vulnerable.


CVE Name CVE-2006-1173
FreeBSD Advisory SA-06:17.sendmail