CVE-2006-0058
CVE-2006-0058 is a high-severity vulnerability in Sendmail with a CVSS 2.0 base score of 7.6. Its EPSS exploit-prediction score of 28% places it in the 98th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: High (CVSS 2.0 base score 7.6)
- EPSS exploit prediction: 28% (98th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Sendmail
- Published:
- Last modified:
Description
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
Frequently asked questions
- What is CVE-2006-0058?
- Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
- How severe is CVE-2006-0058?
- CVE-2006-0058 has a CVSS 2.0 base score of 7.6, rated high severity.
- Is CVE-2006-0058 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 28% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-0058?
- CVE-2006-0058 primarily affects Sendmail. In total, 6 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2006-0058?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2006-0058 published?
- CVE-2006-0058 was published on 2006-03-22 and last updated on 2026-06-16.
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
- ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P
- ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
- http://secunia.com/advisories/19342
- http://secunia.com/advisories/19345
- http://secunia.com/advisories/19346
- http://secunia.com/advisories/19349
- http://secunia.com/advisories/19356
- http://secunia.com/advisories/19360
- http://secunia.com/advisories/19361
- http://secunia.com/advisories/19363
- http://secunia.com/advisories/19367
- http://secunia.com/advisories/19368
- http://secunia.com/advisories/19394
- http://secunia.com/advisories/19404
- http://secunia.com/advisories/19407
- http://secunia.com/advisories/19450
- http://secunia.com/advisories/19466
- http://secunia.com/advisories/19532
- http://secunia.com/advisories/19533
- http://secunia.com/advisories/19676
- http://secunia.com/advisories/19774
- http://secunia.com/advisories/20243
- http://secunia.com/advisories/20723
- http://securityreason.com/securityalert/612
- http://securityreason.com/securityalert/743
Affected products (6)
- cpe:2.3:a:sendmail:sendmail:8.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:sendmail:sendmail:8.13.5:*:*:*:*:*:*:*
More vulnerabilities in Sendmail
- CVE-2003-0694 — Critical (CVSS 10.0): The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks,…
- CVE-2003-0161 — Critical (CVSS 10.0): The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain…
- CVE-2002-1337 — Critical (CVSS 10.0): Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted…
- CVE-2007-2246 — High (CVSS 7.8): Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when…
- CVE-2009-4565 — High (CVSS 7.5): sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate,…
- CVE-2006-7175 — High (CVSS 7.5): The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to…