Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > March 2006 > F-Secure Security Bulletin: FSC-2006-2 - Sendmail MTA Security Vulnerability

March 2006

F-Secure Security Bulletin: FSC-2006-2 - Sendmail MTA Security Vulnerability

ID: 00247
Ref: 246/2006
Date: 29 March 2006:13:23:34
Version: 1
Title: F-Secure Security Bulletin: FSC-2006-2 - Sendmail MTA Security Vulnerability
Abstract: A vulnerability in Sendmail may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.
Vendors affected: F-Secure
Operating systems affected: F-Secure
Applications affected: F-Secure
Title
=====

F-Secure Security Bulletin: FSC-2006-2 - Sendmail MTA Security Vulnerability

Detail
=====

A vulnerability in Sendmail may permit a specially crafted attack
to take over the sendmail MTA process, allowing a remote user to execute commands and
run arbitrary programs on the system.


F-Secure Security Bulletin FSC-2006-2
Sendmail MTA Security Vulnerability

Date issued: 2006-03-28
Last updated: 2006-03-28
Risk factor: High (Low/Medium/High/Critical)

Brief description: A vulnerability in Sendmail may permit a specially crafted attack
to take over the sendmail MTA process, allowing a remote user to execute commands and
run arbitrary programs on the system.

Software:
F-Secure Messaging Security Gateway, X200
F-Secure Messaging Security Gateway, P600 and P800
Affected versions: 3.1.0 or earlier, 3.2.4 or earlier

Affected platforms:
F-Secure Messaging Security Gateway, X200
F-Secure Messaging Security Gateway, P600 and P800

Bulletin location: http://www.f-secure.com/security/fsc-2006-2.shtml

Issue: Sendmail released a medium risk security advisory on March 22nd 2006. The
Sendmail Advisory is located at http://www.sendmail.com/company/advisory/. Both
the X- and P-series
F-Secure Messaging Security Gateway Appliances use Sendmail. The vulnerability may
permit a specially crafted attack to take over the sendmail MTA process, allowing
a remote user to execute commands and run arbitrary programs on the system.
Hotfixes are distributed automatically by the delivery system. Users of these
products do not need to take any action. This means that virtually all affected
systems will be patched automatically shortly after publication of this advisory.

This vulnerability is being tracked as CVE-2006-0058 and can be found at
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058.

Revision History: FSC-2006-2 - 2006-03-23

Contact Information: Support: http://support.f-secure.com/enu/corporate/contactus/
Security: http://www.f-secure.com/security/
URL: http://www.f-secure.com/
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |