Sendmail@8.11.4 Security Vulnerabilities and Issues — Sendmail@8.11.4 CVE List

Lucene search

SendmailSendmail8.11.4

11 matches found

CVE•added 2010/01/04 9:30 p.m.•357 views

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allow...

7.5CVSS6.3AI score0.01808EPSS

CVE•added 2014/06/04 11:19 a.m.•268 views

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

1.9CVSS5.9AI score0.001EPSS

CVE•added 2003/04/02 5:0 a.m.•93 views

CVE-2003-0161

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers...

10CVSS7.6AI score0.71952EPSS

CVE•added 2003/10/06 4:0 a.m.•92 views

CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

10CVSS7.7AI score0.7608EPSS

CVE•added 2006/06/07 11:6 p.m.•90 views

CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might ...

5CVSS7.3AI score0.21456EPSS

CVE•added 2003/10/06 4:0 a.m.•72 views

CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.5CVSS6.8AI score0.12435EPSS

CVE•added 2009/05/05 7:30 p.m.•62 views

CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

5CVSS8.1AI score0.18335EPSS

CVE•added 2007/10/18 10:0 a.m.•54 views

CVE-2002-2261

Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.

7.5CVSS6.5AI score0.00491EPSS

CVE•added 2005/06/29 4:0 a.m.•51 views

CVE-2005-2070

The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.

5CVSS9AI score0.00952EPSS

CVE•added 2005/06/28 4:0 a.m.•48 views

CVE-2002-1827

Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.

2.1CVSS6.3AI score0.00395EPSS

CVE•added 2002/03/09 5:0 a.m.•45 views

CVE-2001-0653

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

4.6CVSS6.6AI score0.00317EPSS