Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0058

12 documents9 sources

Severity

7.6HIGH

EPSS

59.0%

top 1.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sendmail Sendmail

Timeline

PublishedMar 22

Latest updateMay 3

Description

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶Debiansendmail< 8.13.6-1+3

▶NVDsendmail/sendmail6 versions+5

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-rwqm-33xf-cwgq: Signal handler race condition in Sendmail 8↗2022-05-03

▶

OSV

CVE-2006-0058: Signal handler race condition in Sendmail 8↗2006-03-22

▶

CVEList

CVE-2006-0058: Signal handler race condition in Sendmail 8↗2006-03-22

▶

💥Exploits & PoCs

Exploit-DB

Sendmail 8.13.5 - Remote Signal Handling (PoC)↗2006-07-21

▶

📋Vendor Advisories

Red Hat

security flaw↗2006-03-22

▶

BSD

FreeBSD-SA-06:13.sendmail: Race condition in sendmail↗2006-03-22

▶

Debian

CVE-2006-0058: sendmail - Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote att...↗2006

▶

💬Community

Bugzilla

CVE-2006-0058 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-0058 Sendmail race condition issue↗2006-03-22

▶

Bugzilla

CVE-2006-0058 Sendmail race condition issue↗2006-03-08

▶

Bugzilla

CVE-2006-0058 Sendmail race condition issue↗2006-03-08

▶