Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 25, 2006
Statement Date: May 25, 2006
Not Affected
No Borderware products are affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 27, 2006
Statement Date: June 27, 2006
Not Affected
Check Point products are not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 15, 2006
Statement Date: May 15, 2006
Not Affected
F5 products are not vulnerable to this issue. Most F5 products do not contain sendmail, and those that do, do not run sendmail in mta mode.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: July 22, 2011
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 14, 2006
Statement Date: June 14, 2006
Not Affected
Foundry products do not utilize the sendmail function and are not vulnerable to this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 14, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Refer to http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc
Notified: May 09, 2006 Updated: June 15, 2006
Statement Date: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 15, 2006
Statement Date: June 15, 2006
Affected
Gentoo Linux has this fixed in version 8.13.6-r1. For further details please see GLSA 200606-19 which will be issued shortly.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 26, 2006
Statement Date: June 19, 2006
Not Affected
Global Technology Associates' products are not vulnerable to this issue. GTA products do not contain sendmail.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 15, 2006
Statement Date: June 14, 2006
Not Affected
HI-UX/WE2 is NOT Vulnerable to this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 14, 2006
Statement Date: June 14, 2006
Affected
To obtain a copy of our security advisory for this issue, please visit: https://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd The AIX Security Team is aware of the issues discussed in CERT Vulnerability Note VU#146718. IBM has provided interim fixes that remove possible attack vectors for this vulnerability. These interim fixes should be installed as a precautionary measure. The following APARs will be released to address this issue: APAR number for AIX 5.2.0: IY85930 (available approx. 08/23/06) APAR number for AIX 5.3.0: IY85415 (available approx. 08/09/06) An interim fix is available from: ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_vu146718.tar.Z
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 10, 2006
Statement Date: May 10, 2006
Unknown
For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration. All questions should be referred to servsec@us.ibm.com.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 10, 2006
Statement Date: May 10, 2006
Not Affected
Intoto does not use sendmail or its derivatives in its products, so Intoto products are not susceptible to the possible sendmail Denial-of-Service condition documented in this CERT vulnerability note.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 10, 2006
Statement Date: May 10, 2006
Not Affected
IBM Lotus Domino is not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: July 14, 2006
Statement Date: July 14, 2006
Not Affected
Mirapoint is not vulnerable to VU#146718
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 15, 2006
Statement Date: June 14, 2006
Not Affected
NEC products are NOT susceptible to this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 15, 2006
Statement Date: June 14, 2006
Affected
In response to this and previous issues, Sendmail was removed entirely from the NetBSD-current base system on 2006-05-30. The default MTA has been switched to Postfix. These changes will be included in NetBSD 4.0 and later releases in order to minimise the risk and maintenance burden for any future sendmail issues. Sendmail remains in the base distribution for the presently maintained release branches, NetBSD 2.* and 3.*, and fixes for this issue have been applied. Sendmail remains as a supported MTA for users of all NetBSD versions (and many other platforms) via pkgsrc. Details of these fixes and further advice has been published in NetBSD Security Advisory 2006-017.
We are not aware of further vendor information regarding this vulnerability.
Refer to ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-017.txt.asc.
Notified: May 09, 2006 Updated: May 12, 2006
Statement Date: May 11, 2006
Not Affected
Network Appliance Inc products do not contain any sendmail code, we are therefore not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 16, 2006
Statement Date: June 16, 2006
Not Affected
www.nortel.com/securityadvisories
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 07, 2006 Updated: June 07, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 10, 2006
Statement Date: May 09, 2006
Not Affected
Openwall GNU/*/Linux is not affected. We use Postfix, not Sendmail.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 16, 2006
Statement Date: May 15, 2006
Not Affected
Oracle does not ship sendmail with any of its products. Therefore, our products are not vulnerable to this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 09, 2006
Statement Date: June 08, 2006
Not Affected
No products made by Redback Networks are affected by this sendmail issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 14, 2006
Statement Date: June 14, 2006
Affected
Red Hat distributes Sendmail in all Red Hat Enterprise Linux releases. By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this denial of service issue. Updated Sendmail packages will shortly be available along with our advisory at the URL below. At the same time users of the Red Hat Network will be able to update their systems using the 'up2date' tool. https://rhn.redhat.com/errata/RHSA-2006-0515.html
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 21, 2006
Statement Date: June 21, 2006
Not Affected
Sidewinder G2 Security Appliance Not Vulnerable The standard defensive coding and configuration practices used on the Sidewinder G2 Security Appliance preve nt this attack from interrupting the flow of mail through the system. In a standard configuration, attack m essages will be rejected as invalid without causing an abnormal termination of sendmail. Due to the defensi ve design of the system, even if an attack message were able to cause an instance of sendmail to terminate, it would not prevent other messages from being delivered. As a matter of best practices and defense in depth, the sendmail update will be included in a future patch. Cyberguard Classic & TSP Not Vulnerable Cyberguard Class and TSP do not make use of sendmail for mail delivery.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 31, 2006 Updated: May 31, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 08, 2006 Updated: June 14, 2006
Statement Date: June 12, 2006
Affected
The Sendmail Consortium strongly recommends that Open Source sendmail users upgrade to 8.13.7 whenever possible. If that is not possible, source code patches are available for 8.12.11 and 8.13.6. Further information is available at http://www.sendmail.org/.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 14, 2006
Statement Date: June 12, 2006
Affected
Sendmail, Inc. recommends patching commercial products incorporating the sendmail MTA (including all current versions of Sendmail Switch, Sendmail Multi-Switch, Sendmail Managed MTA, Intelligent Quarantine, and Sendmail Message Store/SAMS on all systems, as well as Sendmail Sentrion. Patch information is available at http://www.sendmail.com/security/. Further information is available at http://www.sendmail.com/support/, by email at customerservice@sendmail.com, or by telephone at +1-877-363-6245 (+1-87-SENDMAIL) (press 1) or +1-510-594-5401 (international).
We are not aware of further vendor information regarding this vulnerability.
Refer to http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 12, 2006 Updated: May 12, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 14, 2006
Statement Date: June 14, 2006
Affected
Sun can confirm that Solaris 8, 9, and 10 are affected by the issue described in CERT advisory VU#146718. Sun has published Sun Alert 102460 which includes details of the Solaris specific impact, contributing factors, workaround options and resolution information, and is available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102460-1 The Sun Alert will be kept up to date regarding progress on this issue.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: June 14, 2006
Statement Date: June 14, 2006
Not Affected
Syntegra is not effected by this problem and users should not encounter any problems.
We are not aware of further vendor information regarding this vulnerability.
Notified: June 14, 2006 Updated: June 14, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 27, 2006 Updated: May 27, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 10, 2006
Statement Date: May 10, 2006
Unknown
Ubuntu does not officially support sendmail (it resides in the 'universe' component of the archive). There will be no guarantee of a timely security update and no official Ubuntu Security Notification will be issued. However, the issue will be fixed for the current development release; also it is very likely that the latest stable release Ubuntu 5.10 will get an unofficial update.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: June 13, 2006
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 09, 2006 Updated: May 09, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.