Sendmail

Sendmail

36 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2006-0058

  • EPSS 58.99%
  • Published 22.03.2006 20:06:00
  • Last modified 03.04.2025 01:03:51

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory location...

5

CVE-2005-2070

  • EPSS 0.95%
  • Published 29.06.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.

5

CVE-2003-0688

  • EPSS 1.71%
  • Published 20.10.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that caus...

10

CVE-2003-0694

  • EPSS 76.08%
  • Published 06.10.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

7.5

CVE-2003-0681

  • EPSS 12.44%
  • Published 06.10.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.2

CVE-2003-0308

  • EPSS 0.06%
  • Published 15.05.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.

10

CVE-2003-0161

  • EPSS 71.95%
  • Published 02.04.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a s...

10

CVE-2002-1337

Exploit
  • EPSS 51.42%
  • Published 07.03.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

6.4

CVE-2002-2423

  • EPSS 0.27%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.

7.5

CVE-2002-2261

  • EPSS 0.49%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.