Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sendmail
(Sendmail)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-06-07 | CVE-2006-1173 | Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | Sendmail | N/A | ||
| 2006-03-22 | CVE-2006-0058 | Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | Sendmail | N/A | ||
| 2005-06-29 | CVE-2005-2070 | The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. | Sendmail | N/A | ||
| 2003-10-06 | CVE-2003-0694 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | Mac_os_x, Mac_os_x_server, Tru64, Freebsd, Linux, Hp\-Ux, Aix, Netbsd, Advanced_message_server, Sendmail, Sendmail_pro, Sendmail_switch, Irix, Solaris, Sunos, Turbolinux_advanced_server, Turbolinux_server, Turbolinux_workstation | N/A | ||
| 2003-10-20 | CVE-2003-0688 | The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. | Tru64, Freebsd, Openbsd, Sendmail, Sendmail, Irix | N/A | ||
| 2003-10-06 | CVE-2003-0681 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | Mac_os_x, Mac_os_x_server, Linux, Hp\-Ux, Aix, Netbsd, Openbsd, Advanced_message_server, Sendmail, Sendmail_pro, Sendmail_switch, Turbolinux_advanced_server, Turbolinux_server, Turbolinux_workstation | N/A | ||
| 2003-05-15 | CVE-2003-0308 | The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | Debian_linux, Sendmail | N/A | ||
| 2003-04-02 | CVE-2003-0161 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. | Tru64, Hp\-Ux, Hp\-Ux_series_700, Hp\-Ux_series_800, Sis, Sendmail, Sendmail_switch, Solaris, Sunos | N/A | ||
| 2002-12-31 | CVE-2002-2423 | Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response. | Sendmail | N/A | ||
| 2002-12-31 | CVE-2002-2261 | Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | Sendmail | N/A |