VYPR

Sendmail

by Sendmail, Inc.

CVEs (52)

  • CVE-2006-7176Mar 27, 2007
    risk 0.00cvss epss 0.02

    The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.

  • CVE-2006-1173Jun 7, 2006
    risk 0.00cvss epss 0.05

    Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued…

  • CVE-2005-2070Jun 29, 2005
    risk 0.00cvss epss 0.02

    The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.

  • CVE-2004-0833Dec 23, 2004
    risk 0.00cvss epss 0.03

    Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.

  • CVE-2003-0688Oct 20, 2003
    risk 0.00cvss epss 0.03

    The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect…

  • CVE-2003-0308May 15, 2003
    risk 0.00cvss epss 0.00

    The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

  • CVE-2002-2261Dec 31, 2002
    risk 0.00cvss epss 0.02

    Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.

  • CVE-2002-2423Dec 31, 2002
    risk 0.00cvss epss 0.01

    Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.

  • CVE-2002-0906Oct 4, 2002
    risk 0.00cvss epss 0.04

    Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

  • CVE-2001-0713Oct 30, 2001
    risk 0.00cvss epss 0.00

    Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1)…

  • CVE-2001-0714Oct 30, 2001
    risk 0.00cvss epss 0.00

    Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS…

  • CVE-2001-0715Oct 30, 2001
    risk 0.00cvss epss 0.00

    Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.

  • CVE-2001-0588Aug 22, 2001
    risk 0.00cvss epss 0.00

    sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

  • CVE-2001-1349May 28, 2001
    risk 0.00cvss epss 0.00

    Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

  • CVE-2000-0319Apr 23, 2000
    risk 0.00cvss epss 0.02

    mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

  • CVE-1999-1592Dec 31, 1999
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.

  • CVE-1999-0976Dec 7, 1999
    risk 0.00cvss epss 0.00

    Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

  • CVE-1999-0684Apr 19, 1999
    risk 0.00cvss epss 0.02

    Denial of service in Sendmail 8.8.6 in HPUX.

  • CVE-1999-0205Jan 1, 1999
    risk 0.00cvss epss 0.01

    Denial of service in Sendmail 8.6.11 and 8.6.12.

  • CVE-1999-0478Dec 1, 1998
    risk 0.00cvss epss 0.01

    Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.