CVE-2006-0058

Description

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

CVSS 2.0 score: 7.6 (Severity: High)
EPSS: 71.01% (Top 5%)
Affected: n/a n/a

References

Link Tags
http://www.vupen.com/english/advisories/2006/1529 vdb entry
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 vendor advisory
http://secunia.com/advisories/19450 third party advisory
http://www.debian.org/security/2006/dsa-1015 vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:058 vendor advisory
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
http://www.openbsd.org/errata38.html#sendmail vendor advisory
http://www.kb.cert.org/vuls/id/834865 third party advisory us government resource
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt vendor advisory
http://secunia.com/advisories/19342 third party advisory
http://www.vupen.com/english/advisories/2006/1049 vdb entry
http://secunia.com/advisories/19774 third party advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074 signature vdb entry
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1 vendor advisory
http://secunia.com/advisories/19404 third party advisory
http://secunia.com/advisories/19367 third party advisory
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html vendor advisory
http://www.vupen.com/english/advisories/2006/1051 vdb entry
http://www.securityfocus.com/archive/1/428536/100/0/threaded mailing list
http://www.f-secure.com/security/fsc-2006-2.shtml
http://securityreason.com/securityalert/743 third party advisory
http://securitytracker.com/id?1015801 vdb entry
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555 vendor advisory
http://secunia.com/advisories/19363 third party advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24584 vdb entry
http://www.us-cert.gov/cas/techalerts/TA06-081A.html third party advisory us government resource
http://secunia.com/advisories/20723 third party advisory
http://secunia.com/advisories/20243 third party advisory
http://secunia.com/advisories/19407 third party advisory
http://www.vupen.com/english/advisories/2006/2189 vdb entry
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html vendor advisory
ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P vendor advisory
http://www.iss.net/threats/216.html third party advisory
http://secunia.com/advisories/19466 third party advisory
http://secunia.com/advisories/19368 third party advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
http://www.ciac.org/ciac/bulletins/q-151.shtml third party advisory government resource
http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
http://secunia.com/advisories/19345 third party advisory
http://securityreason.com/securityalert/612 third party advisory
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html vendor advisory
http://secunia.com/advisories/19346 third party advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600 vendor advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only vendor advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml vendor advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only vendor advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only vendor advisory
http://www.vupen.com/english/advisories/2006/1068 vdb entry
http://www.redhat.com/support/errata/RHSA-2006-0265.html patch vendor advisory
http://www.vupen.com/english/advisories/2006/2490 vdb entry
http://www.vupen.com/english/advisories/2006/1072 vdb entry
http://www.securityfocus.com/archive/1/428656/100/0/threaded vendor advisory
http://secunia.com/advisories/19360 third party advisory
http://secunia.com/advisories/19532 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1 vendor advisory
http://secunia.com/advisories/19361 third party advisory
http://secunia.com/advisories/19676 third party advisory
http://secunia.com/advisories/19356 third party advisory
http://www.novell.com/linux/security/advisories/2006_17_sendmail.html vendor advisory
http://www.osvdb.org/24037 vdb entry
http://secunia.com/advisories/19349 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1 vendor advisory
http://secunia.com/advisories/19394 third party advisory
http://www.vupen.com/english/advisories/2006/1139 vdb entry
http://www.vupen.com/english/advisories/2006/1157 vdb entry
http://secunia.com/advisories/19533 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689 signature vdb entry
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc vendor advisory
http://www.securityfocus.com/bid/17192 vdb entry
http://www.redhat.com/support/errata/RHSA-2006-0264.html patch vendor advisory
http://www.sendmail.com/company/advisory/index.shtml

Frequently Asked Questions

What is the severity of CVE-2006-0058?
CVE-2006-0058 has been scored as a high severity vulnerability.
How to fix CVE-2006-0058?
To fix CVE-2006-0058, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2006-0058 being actively exploited in the wild?
It is possible that CVE-2006-0058 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~71% probability that this vulnerability will be exploited by malicious actors in the next 30 days.