NVD

CVE-2006-1173 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Current Description

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 5.0 MEDIUM

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc	CERT/CC, CVE
ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P	CERT/CC, CVE
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc	CERT/CC, CVE
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635	CERT/CC, CVE
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html	CERT/CC, CVE
http://secunia.com/advisories/15779	CERT/CC, CVE	Patch Vendor Advisory
http://secunia.com/advisories/20473	CERT/CC, CVE	Patch Vendor Advisory
http://secunia.com/advisories/20641	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20650	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20651	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20654	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20673	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20675	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20679	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20683	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20684	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20694	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20726	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/20782	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/21042	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/21160	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/21327	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/21612	CERT/CC, CVE	Vendor Advisory
http://secunia.com/advisories/21647	CERT/CC, CVE	Vendor Advisory
http://securitytracker.com/id?1016295	CERT/CC, CVE
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382	CERT/CC, CVE
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1	CERT/CC, CVE	Patch Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm	CERT/CC, CVE
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only	CERT/CC, CVE
http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only	CERT/CC, CVE
http://www.debian.org/security/2006/dsa-1155	CERT/CC, CVE
http://www.f-secure.com/security/fsc-2006-5.shtml	CERT/CC, CVE
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html	CERT/CC, CVE
http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml	CERT/CC, CVE
http://www.kb.cert.org/vuls/id/146718	CERT/CC, CVE	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:104	CERT/CC, CVE
http://www.openbsd.org/errata38.html#sendmail2	CERT/CC, CVE
http://www.osvdb.org/26197	CERT/CC, CVE
http://www.redhat.com/support/errata/RHSA-2006-0515.html	CERT/CC, CVE
http://www.securityfocus.com/archive/1/437928/100/0/threaded	CERT/CC, CVE
http://www.securityfocus.com/archive/1/438241/100/0/threaded	CERT/CC, CVE
http://www.securityfocus.com/archive/1/438330/100/0/threaded	CERT/CC, CVE
http://www.securityfocus.com/archive/1/440744/100/0/threaded	CERT/CC, CVE
http://www.securityfocus.com/archive/1/442939/100/0/threaded	CERT/CC, CVE
http://www.securityfocus.com/bid/18433	CERT/CC, CVE	Patch
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc	CERT/CC, CVE	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/2189	CERT/CC, CVE
http://www.vupen.com/english/advisories/2006/2351	CERT/CC, CVE
http://www.vupen.com/english/advisories/2006/2388	CERT/CC, CVE
http://www.vupen.com/english/advisories/2006/2389	CERT/CC, CVE	Vendor Advisory
http://www.vupen.com/english/advisories/2006/2390	CERT/CC, CVE
http://www.vupen.com/english/advisories/2006/2798	CERT/CC, CVE
http://www.vupen.com/english/advisories/2006/3135	CERT/CC, CVE
https://exchange.xforce.ibmcloud.com/vulnerabilities/27128	CERT/CC, CVE
https://issues.rpath.com/browse/RPL-526	CERT/CC, CVE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253	CERT/CC, CVE

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-399	Resource Management Errors	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by CVE 11/20/2024 7:08:14 PM

Action	Type	New Value
Added	Reference	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc
Added	Reference	ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P
Added	Reference	ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
Added	Reference	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
Added	Reference	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
Added	Reference	http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html
Added	Reference	http://secunia.com/advisories/15779
Added	Reference	http://secunia.com/advisories/20473
Added	Reference	http://secunia.com/advisories/20641
Added	Reference	http://secunia.com/advisories/20650
Added	Reference	http://secunia.com/advisories/20651
Added	Reference	http://secunia.com/advisories/20654
Added	Reference	http://secunia.com/advisories/20673
Added	Reference	http://secunia.com/advisories/20675
Added	Reference	http://secunia.com/advisories/20679
Added	Reference	http://secunia.com/advisories/20683
Added	Reference	http://secunia.com/advisories/20684
Added	Reference	http://secunia.com/advisories/20694
Added	Reference	http://secunia.com/advisories/20726
Added	Reference	http://secunia.com/advisories/20782
Added	Reference	http://secunia.com/advisories/21042
Added	Reference	http://secunia.com/advisories/21160
Added	Reference	http://secunia.com/advisories/21327
Added	Reference	http://secunia.com/advisories/21612
Added	Reference	http://secunia.com/advisories/21647
Added	Reference	http://securitytracker.com/id?1016295
Added	Reference	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.631382
Added	Reference	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1
Added	Reference	http://support.avaya.com/elmodocs2/security/ASA-2006-148.htm
Added	Reference	http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only
Added	Reference	http://www-1.ibm.com/support/search.wss?rs=0&q=IY85930&apar=only
Added	Reference	http://www.debian.org/security/2006/dsa-1155
Added	Reference	http://www.f-secure.com/security/fsc-2006-5.shtml
Added	Reference	http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-18.html
Added	Reference	http://www.gentoo.org/security/en/glsa/glsa-200606-19.xml
Added	Reference	http://www.kb.cert.org/vuls/id/146718
Added	Reference	http://www.mandriva.com/security/advisories?name=MDKSA-2006:104
Added	Reference	http://www.openbsd.org/errata38.html#sendmail2
Added	Reference	http://www.osvdb.org/26197
Added	Reference	http://www.redhat.com/support/errata/RHSA-2006-0515.html
Added	Reference	http://www.securityfocus.com/archive/1/437928/100/0/threaded
Added	Reference	http://www.securityfocus.com/archive/1/438241/100/0/threaded
Added	Reference	http://www.securityfocus.com/archive/1/438330/100/0/threaded
Added	Reference	http://www.securityfocus.com/archive/1/440744/100/0/threaded
Added	Reference	http://www.securityfocus.com/archive/1/442939/100/0/threaded
Added	Reference	http://www.securityfocus.com/archive/1/442939/100/0/threaded
Added	Reference	http://www.securityfocus.com/bid/18433
Added	Reference	http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
Added	Reference	http://www.vupen.com/english/advisories/2006/2189
Added	Reference	http://www.vupen.com/english/advisories/2006/2351
Added	Reference	http://www.vupen.com/english/advisories/2006/2388
Added	Reference	http://www.vupen.com/english/advisories/2006/2389
Added	Reference	http://www.vupen.com/english/advisories/2006/2390
Added	Reference	http://www.vupen.com/english/advisories/2006/2798
Added	Reference	http://www.vupen.com/english/advisories/2006/3135
Added	Reference	https://exchange.xforce.ibmcloud.com/vulnerabilities/27128
Added	Reference	https://issues.rpath.com/browse/RPL-526
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11253

CVE Modified by CERT/CC 10/18/2018 12:31:04 PM

Action	Type	Old Value	New Value
Added	Reference		http://www.securityfocus.com/archive/1/437928/100/0/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/438241/100/0/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/438330/100/0/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/440744/100/0/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/442939/100/0/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/437928/100/0/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/438241/100/0/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/438330/100/0/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/440744/100/0/threaded [No Types Assigned]
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/442939/100/0/threaded [No Types Assigned]

Quick Info

CVE Dictionary Entry:
CVE-2006-1173
NVD Published Date:
06/07/2006
NVD Last Modified:
04/02/2025
Source:
CERT/CC

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2006-1173 Detail

Current Description

Analysis Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:08:14 PM

CVE Modified by CERT/CC 5/13/2024 9:35:14 PM

CVE Modified by CERT/CC 10/18/2018 12:31:04 PM

CVE Modified by CERT/CC 10/10/2017 9:30:41 PM

CVE Modified by CERT/CC 7/19/2017 9:30:22 PM

Initial CVE Analysis 6/08/2006 10:06:00 AM

Quick Info