
sol6339: Sendmail race condition - VU#834865
Security Advisory

Original Publication Date: 05/16/2007
Updated Date: 09/20/2010

Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks' security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to SOL4602: Overview of F5 Networks security vulnerability response policy.

F5 Networks products and versions that have been evaluated for this Security Advisory

Product | Affected | Not Affected
BIG-IP / 3-DNS | 4.6.0 - 4.6.2, 4.5.0 - 4.5.11 | 4.5.12 - 4.5.14, 4.6.3 - 4.6.4
BIG-IP LTM | None | 9.x, 10.x
BIG-IP GTM | None | 9.x, 10.x
BIG-IP ASM | None | 9.x, 10.x
BIG-IP Link Controller | None | 9.x, 10.x
BIG-IP WebAccelerator | None | 9.x, 10.x
BIG-IP PSM | None | 9.x, 10.x
BIG-IP WAN Optimization | None | 10.x
BIG-IP APM | None | 10.x
BIG-IP Edge Gateway | None | 10.x
BIG-IP SAM | None | 8.0.0
FirePass | None | 5.x, 6.x, 7.x
Enterprise Manager | None | 1.x, 2.x
WANJet | None | 4.x, 5.x
WebAccelerator | 5.1.0 - 5.1.5 | 5.2.0 - 5.3.1

F5 Networks Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS version 4.5.11 for the 4.5 software branch and in version 4.6.2 for the 4.6 software branch.

F5 Networks Product Development tracked this issue and it was fixed in WebAccelerator version 5.2 for the 5.x software branch. For information about upgrading, refer to the WebAccelerator Release Notes.

Sendmail versions prior to 8.13.6 are subject to a race condition that can be exploited, allowing an attacker to execute arbitrary code. Some versions of 3-DNS, BIG-IP, and WebAccelerator contain affected versions of Sendmail. These versions, however, are vulnerable only if you have made unsupported customizations to your configuration.

Sendmail is only vulnerable when running as a daemon. By default, no F5 Networks products run Sendmail as a daemon.
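
One way to check the two conditions above on a host (a Sendmail version prior to 8.13.6, and Sendmail running as a daemon), as an added example that is not part of the F5 advisory. The function names, verdict strings and sample process listings are constructed for illustration, and the script assumes that "running as a daemon" shows up in the process list as a listener started with -bd or -bD, or titled "sendmail: accepting connections".

```shell
#!/bin/sh
# Added example: checks the advisory's two exposure conditions.
FIXED="8.13.6"   # the advisory: versions prior to this are subject to the race

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# is_daemon_line LINE: succeed when a ps line shows a listening Sendmail.
# Assumption: the listener was started with -bd (or -bD) or has retitled
# itself "sendmail: accepting connections".
is_daemon_line() {
    case "$1" in
        *sendmail*" -bd"*|*sendmail*" -bD"*) return 0 ;;
        *"sendmail: accepting connections"*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess VERSION PS_OUTPUT: print exposed, installed-not-daemon or not-affected.
assess() {
    if ! version_lt "$1" "$FIXED"; then echo "not-affected"; return 0; fi
    # The here-document keeps the loop in the current shell.
    while IFS= read -r line; do
        if is_daemon_line "$line"; then echo "exposed"; return 0; fi
    done <<EOF
$2
EOF
    echo "installed-not-daemon"
}

# Constructed sample process listings (not taken from a real system).
PS_LISTENER='root   412  sendmail: accepting connections
root   987  /usr/sbin/sshd'
PS_CLIENT_ONLY='smmsp  500  sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root   987  /usr/sbin/sshd'

echo "8.12.11 + listener:    $(assess 8.12.11 "$PS_LISTENER")"
echo "8.12.11 + client only: $(assess 8.12.11 "$PS_CLIENT_ONLY")"
echo "8.13.6  + listener:    $(assess 8.13.6 "$PS_LISTENER")"
```

On a real host, pass the version reported by `sendmail -d0.1 -bv root` and the text of the process listing in place of the constructed samples.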
