EUVD-1999-0957

Malware in sbrugna...

EUVD-1999-1573

Malware in sbrugna...

EUVD-1999-0203

Malware in sbrugna...

CVE-1999-1592

Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129...

Eric Allman Sendmail 8.8 .x Socket Hijack Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/774/info Through exploiting a combination of seemingly low-risk vulnerabilities in sendmail, it is possible for a malicious local user to have an arbitrary program inherit or hijack the file descriptor for the socket...

Sendmail < 8.13.4 Multiple Vulnerabilities (deprecated)

Binary data 3029.prm...

HP-UX PHNE_29526 : s700_800 11.04 (VVOS) sendmail(1m) 8.9.3 patch

s700800 11.04 VVOS sendmail1m 8.9.3 patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability may be exploited remotely to gain unauthorized access or create a denial of service DoS...

HP-UX PHNE_28409 : s700_800 11.22 sendmail(1m) 8.11.1 patch

s700800 11.22 sendmail1m 8.11.1 patch : The remote HP-UX host is affected by multiple vulnerabilities : - Sendmail Restricted Shell smrsh may let local users bypass restrictions to execute code. - A potential security vulnerability has been identified with HP-UX sendmail, where the vulnerability...

[SECURITY] [DSA-384-1] New sendmail packages fix buffer overflows

-------------------------------------------------------------------------- Debian Security Advisory DSA 384-1 [email protected] http://www.debian.org/security/ Matt Zimmerman September 17th, 2003 http://www.debian.org/security/faq -...

Sendmail vulnerabilities fixed

The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away. Sendmail's 8.12.10 announcement may be found here: http://www.sendmail.org/8.12.10.html Here...

Sendmail < 8.7.6 Multiple Local Vulnerabilities

The remote Sendmail server, according to its version number, has a buffer overflow and denial of service problem. Using a flaw in the GECOS field handling, it may allow a local user to gain root access. C Tenable Network Security, Inc. Original script by Xue Yong Zhi Changes by Tenable: - Revised...

Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)

smrsh supplied by Sendmail is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes || or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to...

CVE-2002-1165

Sendmail Consortium's Restricted Shell SMRSH in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after 1 "||" sequences or 2 "/" characters, which are not properly...

iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.01.02 Sendmail smrsh bypass vulnerabilities DESCRIPTION It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium’s Restricted Shell SMRSH and execute a binary of his choosing by inserti...

Sendmail 8.6.9 IDENT Remote Overflow

The remote Sendmail server, according to its version number, may be vulnerable to the ident overflow which allows any remote attacker to execute arbitrary commands as root. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10278; scriptversion"1.19";...

Sendmail -C Malformed Configuration Privilege Escalation

The remote Sendmail server, according to its version number, may be vulnerable to a 'Mail System Compromise' when a user supplies a custom configuration file. Although the mail server is supposed to run as a non-privileged user, a programming error allows the local attacker to regain the extra...

RAZOR advisory: multiple Sendmail vulnerabilities

RAZOR Advisory: Multiple Local Sendmail Vulnerabilities ======================================================= Author: Michal Zalewski [email protected] Release Date: 10/01/2001 Assigned CVE numbers: CAN-2001-0713, CAN-2001-0714, CAN-2001-0715 Topic: ------ The Sendmail mail delivery...

Re: unsafe fgets&#40;&#41; in sendmail&#39;s mail.local

On Mon, Apr 24, 2000, 3APA3A wrote: Topic: unsafe fgets in sendmail's mail.local 1. Possibility to insert LMTP commands into e-mail message 2. Possibility of deadlock between sendmail and mail.local 3. Possibility to corrupt user's mailbox 4. Possibility to change e-mail headers of the message in...

unsafe fgets&#40;&#41; in sendmail&#39;s mail.local

Topic: unsafe fgets in sendmail's mail.local Description: There are 4 problems: 1. Possibility to insert LMTP commands into e-mail message 2. Possibility of deadlock between sendmail and mail.local 3. Possibility to corrupt user's mailbox 4. Possibility to change e-mail headers of the message in...

CVE-1999-0565

A Sendmail alias allows input to be piped to a program...