4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.011 Low
EPSS
Percentile
84.2%
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the “localhost.localdomain” domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | sendmail | < 8.17.1.9-2 | sendmail_8.17.1.9-2_all.deb |
Debian | 11 | all | sendmail | < 8.15.2-22 | sendmail_8.15.2-22_all.deb |
Debian | 10 | all | sendmail | < 8.15.2-14~deb10u1 | sendmail_8.15.2-14~deb10u1_all.deb |
Debian | 999 | all | sendmail | < 8.18.1-2 | sendmail_8.18.1-2_all.deb |
Debian | 13 | all | sendmail | < 8.18.1-2 | sendmail_8.18.1-2_all.deb |