FreeBSD : sendmail -- race condition vulnerability (08ac7b8b-bb30-11da-b2fb-000e0c2e438a)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Problem Description A race condition has been reported to exist in the
handling by sendmail of asynchronous signals. Impact A remote attacker
may be able to execute arbitrary code with the privileges of the user
running sendmail, typically root. Workaround There is no known
workaround other than disabling sendmail.

See also :

http://www.nessus.org/u?3228d048

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21381 (freebsd_pkg_08ac7b8bbb3011dab2fb000e0c2e438a.nasl)

Bugtraq ID:

CVE ID: CVE-2006-0058