Vendor CVEs
Sendmail, Inc.
All CVEs
52 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4434 | Hig | 0.49 | 7.5 | 0.04 | Aug 29, 2006 | Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying… | ||
| CVE-2002-1337 | 0.09 | — | 0.72 | Mar 7, 2003 | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | |||
| CVE-2003-0694 | 0.08 | — | 0.60 | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | |||
| CVE-1999-0661 | 0.07 | — | 0.54 | Jan 1, 1999 | A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail… | |||
| CVE-2003-0161 | 0.06 | — | 0.38 | Apr 2, 2003 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control… | |||
| CVE-2006-0058 | 0.05 | — | 0.28 | Mar 22, 2006 | Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | |||
| CVE-2003-0681 | 0.05 | — | 0.20 | Oct 6, 2003 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||
| CVE-2009-1490 | 0.04 | — | 0.13 | May 5, 2009 | Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. | |||
| CVE-1999-1109 | 0.04 | — | 0.07 | Dec 22, 1999 | Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. | |||
| CVE-1999-0204 | 0.04 | — | 0.09 | Jan 1, 1997 | Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. | |||
| CVE-2002-1827 | 0.03 | — | 0.01 | Dec 31, 2002 | Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files. | |||
| CVE-2002-1165 | 0.03 | — | 0.01 | Oct 11, 2002 | Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters,… | |||
| CVE-2001-0653 | 0.03 | — | 0.01 | Sep 20, 2001 | Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number. | |||
| CVE-1999-0393 | 0.03 | — | 0.02 | Jan 1, 1999 | Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. | |||
| CVE-1999-0130 | 0.03 | — | 0.01 | Nov 16, 1996 | Local users can start Sendmail in daemon mode and gain root privileges. | |||
| CVE-2023-51765 | 0.00 | — | 0.01 | Dec 24, 2023 | sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports… | |||
| CVE-2014-3956 | 0.00 | — | 0.01 | Jun 4, 2014 | The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | |||
| CVE-2009-4565 | 0.00 | — | 0.02 | Jan 4, 2010 | sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification… | |||
| CVE-2007-2246 | 0.00 | — | 0.02 | Apr 25, 2007 | Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not… | |||
| CVE-2006-7175 | 0.00 | — | 0.01 | Mar 27, 2007 | The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||
| CVE-2006-7176 | 0.00 | — | 0.02 | Mar 27, 2007 | The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | |||
| CVE-2006-1173 | 0.00 | — | 0.05 | Jun 7, 2006 | Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued… | |||
| CVE-2005-2070 | 0.00 | — | 0.02 | Jun 29, 2005 | The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. | |||
| CVE-2004-0833 | 0.00 | — | 0.03 | Dec 23, 2004 | Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. | |||
| CVE-2003-0688 | 0.00 | — | 0.03 | Oct 20, 2003 | The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect… | |||
| CVE-2003-0308 | 0.00 | — | 0.00 | May 15, 2003 | The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | |||
| CVE-2002-2423 | 0.00 | — | 0.01 | Dec 31, 2002 | Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | |||
| CVE-2002-2261 | 0.00 | — | 0.02 | Dec 31, 2002 | Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | |||
| CVE-2002-0906 | 0.00 | — | 0.04 | Oct 4, 2002 | Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. | |||
| CVE-2001-0713 | 0.00 | — | 0.00 | Oct 30, 2001 | Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1)… | |||
| CVE-2001-0714 | 0.00 | — | 0.00 | Oct 30, 2001 | Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS… | |||
| CVE-2001-0715 | 0.00 | — | 0.00 | Oct 30, 2001 | Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode. | |||
| CVE-2001-0588 | 0.00 | — | 0.00 | Aug 22, 2001 | sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. | |||
| CVE-2001-1349 | 0.00 | — | 0.00 | May 28, 2001 | Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. | |||
| CVE-2000-0319 | 0.00 | — | 0.02 | Apr 23, 2000 | mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n. | |||
| CVE-1999-1592 | 0.00 | — | 0.01 | Dec 31, 1999 | Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. | |||
| CVE-1999-0976 | 0.00 | — | 0.00 | Dec 7, 1999 | Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. | |||
| CVE-1999-0684 | 0.00 | — | 0.02 | Apr 19, 1999 | Denial of service in Sendmail 8.8.6 in HPUX. | |||
| CVE-1999-0205 | 0.00 | — | 0.01 | Jan 1, 1999 | Denial of service in Sendmail 8.6.11 and 8.6.12. | |||
| CVE-1999-0478 | 0.00 | — | 0.01 | Dec 1, 1998 | Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. | |||
| CVE-1999-0098 | 0.00 | — | 0.03 | Apr 1, 1998 | Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. | |||
| CVE-1999-0047 | 0.00 | — | 0.03 | Jan 28, 1997 | MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. | |||
| CVE-1999-0163 | 0.00 | — | 0.00 | Jan 1, 1997 | In older versions of Sendmail, an attacker could use a pipe character to execute root commands. | |||
| CVE-1999-0096 | 0.00 | — | 0.01 | Dec 10, 1996 | Sendmail decode alias can be used to overwrite sensitive files. | |||
| CVE-1999-0129 | 0.00 | — | 0.01 | Dec 3, 1996 | Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. | |||
| CVE-1999-0206 | 0.00 | — | 0.02 | Oct 1, 1996 | MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. | |||
| CVE-1999-0131 | 0.00 | — | 0.01 | Sep 11, 1996 | Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. | |||
| CVE-1999-1309 | 0.00 | — | 0.00 | Aug 30, 1996 | Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. | |||
| CVE-1999-1580 | 0.00 | — | 0.01 | Aug 23, 1995 | SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. | |||
| CVE-1999-0203 | 0.00 | — | 0.02 | Aug 17, 1995 | In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. |
- risk 0.49cvss 7.5epss 0.04
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying…
- CVE-2002-1337Mar 7, 2003risk 0.09cvss —epss 0.72
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
- CVE-2003-0694Oct 6, 2003risk 0.08cvss —epss 0.60
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
- CVE-1999-0661Jan 1, 1999risk 0.07cvss —epss 0.54
A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail…
- CVE-2003-0161Apr 2, 2003risk 0.06cvss —epss 0.38
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control…
- CVE-2006-0058Mar 22, 2006risk 0.05cvss —epss 0.28
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
- CVE-2003-0681Oct 6, 2003risk 0.05cvss —epss 0.20
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
- CVE-2009-1490May 5, 2009risk 0.04cvss —epss 0.13
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
- CVE-1999-1109Dec 22, 1999risk 0.04cvss —epss 0.07
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
- CVE-1999-0204Jan 1, 1997risk 0.04cvss —epss 0.09
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
- CVE-2002-1827Dec 31, 2002risk 0.03cvss —epss 0.01
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
- CVE-2002-1165Oct 11, 2002risk 0.03cvss —epss 0.01
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters,…
- CVE-2001-0653Sep 20, 2001risk 0.03cvss —epss 0.01
Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
- CVE-1999-0393Jan 1, 1999risk 0.03cvss —epss 0.02
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
- CVE-1999-0130Nov 16, 1996risk 0.03cvss —epss 0.01
Local users can start Sendmail in daemon mode and gain root privileges.
- CVE-2023-51765Dec 24, 2023risk 0.00cvss —epss 0.01
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports…
- CVE-2014-3956Jun 4, 2014risk 0.00cvss —epss 0.01
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
- CVE-2009-4565Jan 4, 2010risk 0.00cvss —epss 0.02
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification…
- CVE-2007-2246Apr 25, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not…
- CVE-2006-7175Mar 27, 2007risk 0.00cvss —epss 0.01
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
- CVE-2006-7176Mar 27, 2007risk 0.00cvss —epss 0.02
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
- CVE-2006-1173Jun 7, 2006risk 0.00cvss —epss 0.05
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued…
- CVE-2005-2070Jun 29, 2005risk 0.00cvss —epss 0.02
The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.
- CVE-2004-0833Dec 23, 2004risk 0.00cvss —epss 0.03
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
- CVE-2003-0688Oct 20, 2003risk 0.00cvss —epss 0.03
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect…
- CVE-2003-0308May 15, 2003risk 0.00cvss —epss 0.00
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.
- CVE-2002-2423Dec 31, 2002risk 0.00cvss —epss 0.01
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
- CVE-2002-2261Dec 31, 2002risk 0.00cvss —epss 0.02
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
- CVE-2002-0906Oct 4, 2002risk 0.00cvss —epss 0.04
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
- CVE-2001-0713Oct 30, 2001risk 0.00cvss —epss 0.00
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1)…
- CVE-2001-0714Oct 30, 2001risk 0.00cvss —epss 0.00
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS…
- CVE-2001-0715Oct 30, 2001risk 0.00cvss —epss 0.00
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
- CVE-2001-0588Aug 22, 2001risk 0.00cvss —epss 0.00
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
- CVE-2001-1349May 28, 2001risk 0.00cvss —epss 0.00
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
- CVE-2000-0319Apr 23, 2000risk 0.00cvss —epss 0.02
mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
- CVE-1999-1592Dec 31, 1999risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
- CVE-1999-0976Dec 7, 1999risk 0.00cvss —epss 0.00
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
- CVE-1999-0684Apr 19, 1999risk 0.00cvss —epss 0.02
Denial of service in Sendmail 8.8.6 in HPUX.
- CVE-1999-0205Jan 1, 1999risk 0.00cvss —epss 0.01
Denial of service in Sendmail 8.6.11 and 8.6.12.
- CVE-1999-0478Dec 1, 1998risk 0.00cvss —epss 0.01
Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.
- CVE-1999-0098Apr 1, 1998risk 0.00cvss —epss 0.03
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
- CVE-1999-0047Jan 28, 1997risk 0.00cvss —epss 0.03
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
- CVE-1999-0163Jan 1, 1997risk 0.00cvss —epss 0.00
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
- CVE-1999-0096Dec 10, 1996risk 0.00cvss —epss 0.01
Sendmail decode alias can be used to overwrite sensitive files.
- CVE-1999-0129Dec 3, 1996risk 0.00cvss —epss 0.01
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
- CVE-1999-0206Oct 1, 1996risk 0.00cvss —epss 0.02
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
- CVE-1999-0131Sep 11, 1996risk 0.00cvss —epss 0.01
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
- CVE-1999-1309Aug 30, 1996risk 0.00cvss —epss 0.00
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.
- CVE-1999-1580Aug 23, 1995risk 0.00cvss —epss 0.01
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
- CVE-1999-0203Aug 17, 1995risk 0.00cvss —epss 0.02
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
Page 1 of 2