Home > Vulnerability Database > CVE-2006-4434

Mend.io Vulnerability Database

CVE-2006-4434

Date: August 28, 2006

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Severity Score

7.5

Related Resources (22)

Url: http://www.vupen.com/english/advisories/2006/3994

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1

Url: http://www.debian.org/security/2006/dsa-1164

Url: http://www.sendmail.org/releases/8.13.8.html

Url: http://secunia.com/advisories/21749

Url: http://securitytracker.com/id?1016753

Url: http://www.vupen.com/english/advisories/2006/3393

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-4434

Url: http://secunia.com/advisories/21641

Url: http://secunia.com/advisories/21696

Url: http://secunia.com/advisories/22369

Url: http://secunia.com/advisories/21700

Url: http://www.openbsd.org/errata38.html#sendmail3

Url: http://secunia.com/advisories/21637

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-4434

Url: http://www.osvdb.org/28193

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:156

Url: http://www.securityfocus.com/bid/19714

Url: http://www.attrition.org/pipermail/vim/2006-August/000999.html

Url: http://www.openbsd.org/errata.html#sendmail3

Url: http://www.novell.com/linux/security/advisories/2006_21_sr.html

Url: https://www.mend.io/vulnerability-database/CVE-2006-4434

Severity Score

7.5

Weakness Type (CWE)

Resource Management Errors

CWE-399

Use After Free

CWE-416

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-4434

Date: August 28, 2006

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?