Vulnerabilities > Sendmail

DATE CVE VULNERABILITY TITLE RISK
2014-06-04 CVE-2014-3956 Information Exposure vulnerability in multiple products
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
1.9
2010-01-04 CVE-2009-4565 Cryptographic Issues vulnerability in Sendmail
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
network
low complexity
sendmail CWE-310
7.5
2009-05-05 CVE-2009-1490 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sendmail
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
network
low complexity
sendmail CWE-119
5.0
2007-04-25 CVE-2007-2246 Resource Management Errors vulnerability in Sendmail 8.11.1/8.9.3
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors.
network
low complexity
hp sendmail CWE-399
7.8
2007-03-27 CVE-2006-7176 Localhost.Localdomain Email Spoofing vulnerability in Sendmail 8.13.1.2
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
network
redhat sendmail
4.3
2007-03-27 CVE-2006-7175 Remote Security vulnerability in Sendmail 8.13.1.2
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
network
low complexity
redhat sendmail
7.5
2006-08-29 CVE-2006-4434 Resource Management Errors vulnerability in Sendmail
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.
network
low complexity
sendmail CWE-399
5.0
2006-06-07 CVE-2006-1173 Resource Management Errors vulnerability in Sendmail
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.
network
low complexity
sendmail CWE-399
5.0
2006-03-22 CVE-2006-0058 Remote Code Execution vulnerability in Sendmail Asynchronous Signal Handling
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
network
high complexity
sendmail
7.6
2005-06-29 CVE-2005-2070 Remote Denial Of Service Weakness in Sendmail Milter
The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.
network
low complexity
sendmail
5.0