Vulnerability details: VCID-etn5-mm5d-aaaa
Vulnerability ID VCID-etn5-mm5d-aaaa
Aliases CVE-2006-0058
Summary Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2006:0264
rhas Critical https://access.redhat.com/errata/RHSA-2006:0265
epss 0.66882 https://api.first.org/data/v1/epss?cve=CVE-2006-0058
epss 0.71008 https://api.first.org/data/v1/epss?cve=CVE-2006-0058
epss 0.93231 https://api.first.org/data/v1/epss?cve=CVE-2006-0058
epss 0.93970 https://api.first.org/data/v1/epss?cve=CVE-2006-0058
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1617872
cvssv2 7.6 https://nvd.nist.gov/vuln/detail/CVE-2006-0058
Reference id Reference type URL
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0058.json
https://api.first.org/data/v1/epss?cve=CVE-2006-0058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://secunia.com/advisories/19342
http://secunia.com/advisories/19345
http://secunia.com/advisories/19346
http://secunia.com/advisories/19349
http://secunia.com/advisories/19356
http://secunia.com/advisories/19360
http://secunia.com/advisories/19361
http://secunia.com/advisories/19363
http://secunia.com/advisories/19367
http://secunia.com/advisories/19368
http://secunia.com/advisories/19394
http://secunia.com/advisories/19404
http://secunia.com/advisories/19407
http://secunia.com/advisories/19450
http://secunia.com/advisories/19466
http://secunia.com/advisories/19532
http://secunia.com/advisories/19533
http://secunia.com/advisories/19676
http://secunia.com/advisories/19774
http://secunia.com/advisories/20243
http://secunia.com/advisories/20723
http://securityreason.com/securityalert/612
http://securityreason.com/securityalert/743
http://securitytracker.com/id?1015801
https://exchange.xforce.ibmcloud.com/vulnerabilities/24584
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1689
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200494-1
http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
http://www.ciac.org/ciac/bulletins/q-151.shtml
http://www.debian.org/security/2006/dsa-1015
http://www.f-secure.com/security/fsc-2006-2.shtml
http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
http://www.iss.net/threats/216.html
http://www.kb.cert.org/vuls/id/834865
http://www.mandriva.com/security/advisories?name=MDKSA-2006:058
http://www.novell.com/linux/security/advisories/2006_17_sendmail.html
http://www.openbsd.org/errata38.html#sendmail
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html
http://www.osvdb.org/24037
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html
http://www.redhat.com/support/errata/RHSA-2006-0264.html
http://www.redhat.com/support/errata/RHSA-2006-0265.html
http://www.securityfocus.com/archive/1/428536/100/0/threaded
http://www.securityfocus.com/archive/1/428656/100/0/threaded
http://www.securityfocus.com/bid/17192
http://www.sendmail.com/company/advisory/index.shtml
http://www.us-cert.gov/cas/techalerts/TA06-081A.html
http://www.vupen.com/english/advisories/2006/1049
http://www.vupen.com/english/advisories/2006/1051
http://www.vupen.com/english/advisories/2006/1068
http://www.vupen.com/english/advisories/2006/1072
http://www.vupen.com/english/advisories/2006/1139
http://www.vupen.com/english/advisories/2006/1157
http://www.vupen.com/english/advisories/2006/1529
http://www.vupen.com/english/advisories/2006/2189
http://www.vupen.com/english/advisories/2006/2490
1617872 https://bugzilla.redhat.com/show_bug.cgi?id=1617872
358440 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358440
cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
CVE-2006-0058 https://nvd.nist.gov/vuln/detail/CVE-2006-0058
GLSA-200603-21 https://security.gentoo.org/glsa/200603-21
OSVDB-24037;CVE-2006-0058 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/2051.py
RHSA-2006:0264 https://access.redhat.com/errata/RHSA-2006:0264
RHSA-2006:0265 https://access.redhat.com/errata/RHSA-2006:0265
Data source Exploit-DB
Date added July 20, 2006
Description Sendmail 8.13.5 - Remote Signal Handling (PoC)
Ransomware campaign use Known
Source publication date July 21, 2006
Exploit type dos
Platform linux
Source update date Aug. 30, 2016
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2006-0058
Access Vector (AV) network
Access Complexity (AC) high
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9799
EPSS Score 0.66882
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.