Lucene search

K
SendmailSendmail

33 matches found

CVE
CVE
added 2022/03/23 8:15 p.m.2465 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from...

7.4CVSS7.5AI score0.00197EPSS
CVE
CVE
added 2010/01/04 9:30 p.m.357 views

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allow...

7.5CVSS6.3AI score0.01236EPSS
CVE
CVE
added 2014/06/04 11:19 a.m.268 views

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

1.9CVSS5.9AI score0.00111EPSS
CVE
CVE
added 2006/03/22 8:6 p.m.221 views

CVE-2006-0058

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

7.6CVSS7.7AI score0.69049EPSS
CVE
CVE
added 2023/12/24 6:15 a.m.140 views

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other pop...

5.3CVSS5.4AI score0.00608EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.93 views

CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers...

10CVSS7.6AI score0.65759EPSS
CVE
CVE
added 2003/10/06 4:0 a.m.92 views

CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

10CVSS7.7AI score0.7608EPSS
CVE
CVE
added 2006/06/07 11:6 p.m.90 views

CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might ...

5CVSS7.3AI score0.25248EPSS
CVE
CVE
added 2007/04/25 4:19 p.m.80 views

CVE-2007-2246

Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issu...

7.8CVSS7.2AI score0.25248EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.79 views

CVE-2002-1337

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

10CVSS7.6AI score0.51022EPSS
CVE
CVE
added 2003/10/06 4:0 a.m.72 views

CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.5CVSS6.8AI score0.1288EPSS
CVE
CVE
added 2006/08/29 12:4 a.m.72 views

CVE-2006-4434

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of s...

7.5CVSS7.3AI score0.07587EPSS
CVE
CVE
added 2002/10/11 4:0 a.m.66 views

CVE-2002-1165

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly ...

4.6CVSS6.5AI score0.029EPSS
CVE
CVE
added 2009/05/05 7:30 p.m.62 views

CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

5CVSS8.1AI score0.19842EPSS
CVE
CVE
added 2007/10/18 10:0 a.m.54 views

CVE-2002-2261

Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.

7.5CVSS6.5AI score0.00653EPSS
CVE
CVE
added 2005/06/29 4:0 a.m.51 views

CVE-2005-2070

The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.

5CVSS9AI score0.00763EPSS
CVE
CVE
added 2007/07/12 5:0 p.m.50 views

CVE-1999-1592

Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.

7.5CVSS7.1AI score0.00296EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.48 views

CVE-1999-0478

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

5CVSS6.7AI score0.00504EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.48 views

CVE-2002-1827

Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.

2.1CVSS6.3AI score0.00407EPSS
CVE
CVE
added 2003/10/20 4:0 a.m.47 views

CVE-2003-0688

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

5CVSS6.7AI score0.01711EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.46 views

CVE-1999-1109

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

5CVSS6.8AI score0.05219EPSS
CVE
CVE
added 2001/10/30 5:0 a.m.46 views

CVE-2001-0713

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that ar...

4.6CVSS6.5AI score0.00066EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.46 views

CVE-2002-0906

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

7.5CVSS8AI score0.02974EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.45 views

CVE-2001-0653

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

4.6CVSS6.6AI score0.00327EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.45 views

CVE-2001-1349

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

3.7CVSS6.6AI score0.00077EPSS
CVE
CVE
added 2003/05/17 4:0 a.m.44 views

CVE-2003-0308

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

7.2CVSS6.3AI score0.00061EPSS
CVE
CVE
added 2001/10/30 5:0 a.m.42 views

CVE-2001-0714

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.

2.1CVSS6.3AI score0.00058EPSS
CVE
CVE
added 2001/10/30 5:0 a.m.42 views

CVE-2001-0715

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.

2.1CVSS5.7AI score0.00092EPSS
CVE
CVE
added 2007/03/27 11:19 p.m.41 views

CVE-2006-7176

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.

4.3CVSS5.6AI score0.00697EPSS
CVE
CVE
added 2007/03/27 11:19 p.m.37 views

CVE-2006-7175

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

7.5CVSS6.5AI score0.00233EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.34 views

CVE-1999-1580

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

7.2CVSS6.8AI score0.00778EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.31 views

CVE-1999-1309

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

7.2CVSS6.8AI score0.00116EPSS
CVE
CVE
added 2007/11/01 5:0 p.m.25 views

CVE-2002-2423

Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.

6.4CVSS7AI score0.00274EPSS