CVE-2006-1173

Description

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Category

CVSS 2.0 score: 5.0
Severity: Medium
EPSS: 21.90% (Top 5%)
Affected: n/a n/a

References

Link Tags
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only vendor advisory
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 vendor advisory
http://www.debian.org/security/2006/dsa-1155 vendor advisory
http://www.openbsd.org/errata38.html#sendmail2 vendor advisory
http://secunia.com/advisories/20684 third party advisory vendor advisory
http://www.securityfocus.com/archive/1/442939/100/0/threaded vendor advisory
http://www.vupen.com/english/advisories/2006/2388 vdb entry
http://secunia.com/advisories/20726 third party advisory vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253 signature vdb entry
http://www.vupen.com/english/advisories/2006/2351 vdb entry
http://secunia.com/advisories/21327 third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2006-0515.html vendor advisory
http://www.vupen.com/english/advisories/2006/2389 vdb entry vendor advisory
http://secunia.com/advisories/21647 third party advisory vendor advisory
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
https://issues.rpath.com/browse/RPL-526
http://secunia.com/advisories/20651 third party advisory vendor advisory
http://secunia.com/advisories/20683 third party advisory vendor advisory
http://secunia.com/advisories/20650 third party advisory vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
http://secunia.com/advisories/20782 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2006/3135 vdb entry
http://securitytracker.com/id?1016295 vdb entry
http://secunia.com/advisories/20694 third party advisory vendor advisory
http://secunia.com/advisories/20473 patch vendor advisory third party advisory
http://www.vupen.com/english/advisories/2006/2189 vdb entry
http://www.securityfocus.com/archive/1/440744/100/0/threaded mailing list
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P vendor advisory
http://www.vupen.com/english/advisories/2006/2798 vdb entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1 patch vendor advisory
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc patch vendor advisory
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104 vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128 vdb entry
http://secunia.com/advisories/20673 third party advisory vendor advisory
http://www.f-secure.com/security/fsc-2006-5.shtml
http://www.securityfocus.com/archive/1/438241/100/0/threaded mailing list
http://secunia.com/advisories/21612 third party advisory vendor advisory
http://secunia.com/advisories/20654 third party advisory vendor advisory
http://www.vupen.com/english/advisories/2006/2390 vdb entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382 vendor advisory
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml vendor advisory
http://www.securityfocus.com/bid/18433 patch vdb entry
http://secunia.com/advisories/20675 third party advisory vendor advisory
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html vendor advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc vendor advisory
http://www.securityfocus.com/archive/1/437928/100/0/threaded mailing list
http://www.kb.cert.org/vuls/id/146718 third party advisory us government resource
http://secunia.com/advisories/15779 patch vendor advisory third party advisory
http://secunia.com/advisories/20641 third party advisory vendor advisory
http://secunia.com/advisories/20679 third party advisory vendor advisory
http://www.osvdb.org/26197 vdb entry
http://secunia.com/advisories/21042 third party advisory vendor advisory
http://secunia.com/advisories/21160 third party advisory vendor advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only vendor advisory
http://www.securityfocus.com/archive/1/438330/100/0/threaded mailing list

Frequently Asked Questions

What is the severity of CVE-2006-1173?
CVE-2006-1173 has been scored as a medium severity vulnerability.
How to fix CVE-2006-1173?
To fix CVE-2006-1173, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.
Is CVE-2006-1173 being actively exploited in the wild?
Based on public information, it is possible that CVE-2006-1173 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~22% probability that this vulnerability will be exploited by malicious actors in the next 30 days.