Sendmail@8.7.7 Security Vulnerabilities and Issues — Sendmail@8.7.7 CVE List

Lucene search

SendmailSendmail8.7.7

3 matches found

CVE•added 2010/01/04 9:30 p.m.•357 views

CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allow...

7.5CVSS6.3AI score0.01808EPSS

CVE•added 2014/06/04 11:19 a.m.•268 views

CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

1.9CVSS5.9AI score0.001EPSS

CVE•added 2009/05/05 7:30 p.m.•62 views

CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

5CVSS8.1AI score0.18335EPSS