[VIM] Sendmail vendor dispute - CVE-2006-4434 (fwd)

Steven M. Christey coley at linus.mitre.org
Tue Aug 29 16:20:43 EDT 2006

FYI, forwarded with approval.  Given this info, I'd say that CVE concurs -
at least until the researchers figure out how to reliably exploit
"use-after-free" bugs (which BTW is what CVE/CWE are going to call
these bugs).

I gave the standard response to the criticism in the last paragraph, with
the observation that we VDBs had reported it because OpenBSD did.

- Steve

---------- Forwarded message ----------
Date: Tue, 29 Aug 2006 10:24:58 -0700
From: Claus Assmann
To: cve at mitre.org
Subject: CVE-2006-4434

Is there anything beyond a crash that is referenced in CVE-2006-4434?
The only denial of service that is possible here is to fill up the
disk with core dumps if the OS actually generates different core
dumps (which is unlikely, as sendmail is by default set-group-ID
and hence most OS do not generate a core unless explicitly configured).

Note: the bug is in the shutdown code (finis()) which leads directly
to exit(3), i.e., the process would terminate anyway, no mail delivery
or reception is affected. If you have other information, then please
let me know.

Please note that I asked OpenBSD about this and the answer from
Theo de Raadt was:
"The problem is tiny."
"it is TOTALLY irrelevant"

The problem should not have been mentioned on their website.  Please
review the report and discard it or change it as explained above.

BTW: it would be nice if your process of creating a candidate for
inclusion in the CVE list makes sure that the security contact for
the software is informed, so we don't have to rely on some 3rd
party to hear about this "DoS" for the software that we maintain.


Claus Assmann
(current maintainer of sendmail)
