A fix is available
APAR status
Closed as program error.
Error description
Security vulnerability in sendmail CVE-2006-4434. Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.
Local fix
Problem summary
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.
Problem conclusion
set the CurEnv e_to member to 0.
Temporary fix
Comments
5300-06 - use AIX APAR IZ24183 5300-07 - use AIX APAR IZ36350 5300-08 - use AIX APAR IZ36339 5300-09 - use AIX APAR IZ25563 6100-00 - use AIX APAR IZ34749 6100-01 - use AIX APAR IZ34389 6100-02 - use AIX APAR IZ25577
APAR Information
APAR number
IZ25577
Reported component name
AIX 610
Reported component ID
5765G6200
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2008-06-24
Closed date
2008-06-24
Last modified date
2009-07-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 610
Fixed component ID
5765G6200
Applicable component levels
R610 PSY U814107
UP08/11/13 I 1000
PTF to Fileset Mapping
U814107 bos.net.tcp.client 6.1.2.0
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.