1631 matches found
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability. Software Link: https://www.concrete5.org/ - Affected Versions: Version 5.7.3.1 and probably...
Concrete CMS: Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1
Concrete5 is vulnerable to a Remote Code Execution because it fails to properly validate certain user input used as sender email address when sending out a registration notification email. This vulnerability is mitigated by the fact that it can be exploited only by authenticated administrator use...
Mandriva Linux Security Advisory : sendmail (MDVSA-2015:128)
Updated sendmail packages fix security vulnerability : Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmai...
IT-Grundschutz M5.019: Use of the security mechanisms of sendmail
IT-Grundschutz M5.019: Use of the security mechanisms of sendmail. Status: 14th supplementary delivery (14. EL). OpenVAS Vulnerability Test $Id: GSHBM5019.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Measure 5.019 Authors: Thomas Rotter Copyright: Copyright (c) 2015 Greenbone...
IT-Grundschutz M5.019: Use of the security mechanisms of sendmail
IT-Grundschutz M5.019: Use of the security mechanisms of sendmail. Status: 14th supplementary delivery (14. EL). Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifie...
Oracle Solaris Third-Party Patch Update : sendmail (cve_2014_3956_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended...
Ubuntu 14.04 LTS : bsd-mailx vulnerability (USN-2455-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2455-1 advisory. It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could...
USN-2455-1: bsd-mailx vulnerability
It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...
USN-2455-1 bsd-mailx vulnerability
It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...
GLSA-201412-32 : sendmail: Information disclosure
The remote host is affected by the vulnerability described in GLSA-201412-32 (sendmail: Information disclosure). The sm_close_on_exec function in conf.c has arguments in the wrong order. Impact : A local attacker could get access to unintended high-numbered file descriptors via a specially crafted...
sendmail: Information disclosure
Background: sendmail is a widely-used Mail Transport Agent (MTA). Description: The sm_close_on_exec function in conf.c has arguments in the wrong order. Impact: A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround: There is no known...
Solaris 10 (x86) : 151075-06 (deprecated)
SunOS 5.10_x86: sendmail patch. Date this patch was last updated by Sun : May/11/17 This plugin has been deprecated and either replaced with individual 151075 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on...
Solaris 10 (sparc) : 151074-06 (deprecated)
SunOS 5.10: sendmail patch. Date this patch was last updated by Sun : May/11/17 This plugin has been deprecated and either replaced with individual 151074 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on...
[SECURITY] Fedora 21 Update: sysklogd-1.5-18.fc21
The sysklogd package contains two system utilities (syslogd and klogd) which provide support for system logging. Syslogd and klogd run as daemons (background processes) and log system messages to different places, like sendmail logs, security logs, error logs, etc...
[SECURITY] Fedora 20 Update: sysklogd-1.5-18.fc20
The sysklogd package contains two system utilities (syslogd and klogd) which provide support for system logging. Syslogd and klogd run as daemons (background processes) and log system messages to different places, like sendmail logs, security logs, error logs, etc...
[SECURITY] Fedora 19 Update: exim-4.80.1-4.fc19
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Mandriva Linux Security Advisory : sendmail (MDVSA-2014:147)
Updated sendmail packages fix security vulnerability : Sendmail before 8.14.9 does not properly close file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmai...
SuSE 11.3 Security Update : sendmail (SAT Patch Number 9345)
sendmail has been updated to fix the following security issue : - Not properly closing file descriptors before executing programs. (CVE-2014-3956) %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
Sendmail 8.9.2 Headers Prescan Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8674/info Sendmail has been reported prone to a denial of service vulnerability when handling malicious SMTP mail headers. The vulnerability has been reported to present itself, due to an inefficient implementation of a...
RedHat <= 6.1,IRIX <= 6.5.18 lpd Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/927/info Multiple vulnerabilities have been discovered in lpd, shipped with various Linux and Unix distributions. It has been reported that lpd fails to properly authenticate hostnames. This could allow an unauthenticated...