Test ID:	1.3.6.1.4.1.25623.1.0.56475
Category:	SuSE Local Security Checks
Title:	SuSE Security Advisory SUSE-SA:2006:017 (sendmail)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory SUSE-SA:2006:017. The popular MTA sendmail is vulnerable to a race condition when handling signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely. Sendmail was the default MTA in SuSE Linux Enterprise Server 8. Later products use postfix as MTA. Thanks to Mark Dowd who found this bug. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2006:017 Risk factor : High CVSS Score: 7.6
Cross-Ref:	BugTraq ID: 17192 Common Vulnerability Exposure (CVE) ID: CVE-2006-0058 AIX APAR: IY82992 http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only AIX APAR: IY82993 http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only AIX APAR: IY82994 http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only http://www.securityfocus.com/bid/17192 Bugtraq: 20060322 sendmail vuln advisories (CVE-2006-0058) (Google Search) http://www.securityfocus.com/archive/1/428536/100/0/threaded Cert/CC Advisory: TA06-081A http://www.us-cert.gov/cas/techalerts/TA06-081A.html CERT/CC vulnerability note: VU#834865 http://www.kb.cert.org/vuls/id/834865 Computer Incident Advisory Center Bulletin: Q-151 http://www.ciac.org/ciac/bulletins/q-151.shtml Debian Security Information: DSA-1015 (Google Search) http://www.debian.org/security/2006/dsa-1015 http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html http://www.securityfocus.com/archive/1/428656/100/0/threaded FreeBSD Security Advisory: FreeBSD-SA-06:13 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml HPdes Security Advisory: HPSBTU02116 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 HPdes Security Advisory: HPSBUX02108 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555 HPdes Security Advisory: SSRT061133 HPdes Security Advisory: SSRT061135 ISS Security Advisory: 20060322 Sendmail Remote Signal Handling Vulnerability http://www.iss.net/threats/216.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:058 NETBSD Security Advisory: NetBSD-SA2006-010 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc OpenBSD Security Advisory: [3.8] 006: SECURITY FIX: March 25, 2006 http://www.openbsd.org/errata38.html#sendmail http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html http://www.osvdb.org/24037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689 http://www.redhat.com/support/errata/RHSA-2006-0264.html http://www.redhat.com/support/errata/RHSA-2006-0265.html SCO Security Bulletin: SCOSA-2006.24 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt http://securitytracker.com/id?1015801 http://secunia.com/advisories/19342 http://secunia.com/advisories/19345 http://secunia.com/advisories/19346 http://secunia.com/advisories/19349 http://secunia.com/advisories/19356 http://secunia.com/advisories/19360 http://secunia.com/advisories/19361 http://secunia.com/advisories/19363 http://secunia.com/advisories/19367 http://secunia.com/advisories/19368 http://secunia.com/advisories/19394 http://secunia.com/advisories/19404 http://secunia.com/advisories/19407 http://secunia.com/advisories/19450 http://secunia.com/advisories/19466 http://secunia.com/advisories/19532 http://secunia.com/advisories/19533 http://secunia.com/advisories/19676 http://secunia.com/advisories/19774 http://secunia.com/advisories/20243 http://secunia.com/advisories/20723 SGI Security Advisory: 20060302-01-P ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P SGI Security Advisory: 20060401-01-U ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600 http://securityreason.com/securityalert/612 http://securityreason.com/securityalert/743 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1 SuSE Security Announcement: SUSE-SA:2006:017 (Google Search) http://www.novell.com/linux/security/advisories/2006_17_sendmail.html http://www.vupen.com/english/advisories/2006/1049 http://www.vupen.com/english/advisories/2006/1051 http://www.vupen.com/english/advisories/2006/1068 http://www.vupen.com/english/advisories/2006/1072 http://www.vupen.com/english/advisories/2006/1139 http://www.vupen.com/english/advisories/2006/1157 http://www.vupen.com/english/advisories/2006/1529 http://www.vupen.com/english/advisories/2006/2189 http://www.vupen.com/english/advisories/2006/2490 XForce ISS Database: smtp-timeout-bo(24584) https://exchange.xforce.ibmcloud.com/vulnerabilities/24584
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.