Debian Sendmail vulnerabilities

CVE-2023-51765 [MEDIUM] CVE-2023-51765: sendmail - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote ... sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later ver

CVE-2022-31256 [HIGH] CVE-2022-31256: sendmail - A Improper Link Resolution Before File Access ('Link Following') vulnerability i... A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resol

CVE-2021-3618 [HIGH] CVE-2021-3618: nginx - ALPACA is an application layer protocol content confusion attack, exploiting TLS... ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks

CVE-2014-3956 [LOW] CVE-2014-3956: sendmail - The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments ... The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. Scope: local bookworm: resolved (fixed in 8.14.4-6) bullseye: resolved (fixed in 8.14.4-6) forky: r

CVE-2009-4565 [MEDIUM] CVE-2009-4565: sendmail - sendmail before 8.14.4 does not properly handle a '\0' character in a Common Nam... sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a craf

CVE-2009-1490 [MEDIUM] CVE-2009-1490: sendmail - Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to ... Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. Scope: local bookworm: resolved (fixed in 8.13.2-0) bullseye: resolved (fixed in 8.13.2-0) forky: resolved (fixed in 8.13.2-0) sid: resolved (fixed

CVE-2006-0058 [HIGH] CVE-2006-0058: sendmail - Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote att... Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. Scope: local bookworm: resolved (fixed in 8.13.6-1) bullseye: resolved (fixed in 8.13.6-1) forky: resolved (fixed in

CVE-2006-4434 [HIGH] CVE-2006-4434: sendmail - Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers t... Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if

CVE-2006-7175 [HIGH] CVE-2006-7175: sendmail - The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earl... The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2006-7176 [MEDIUM] CVE-2006-7176: sendmail - The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earl... The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2006-1173 [MEDIUM] CVE-2006-1173: sendmail - Sendmail before 8.13.7 allows remote attackers to cause a denial of service via ... Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. Scope: local bookworm:

CVE-2004-0833 [HIGH] CVE-2004-0833: sendmail - Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a... Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. Scope: local bookworm: resolved (fixed in 8.13.1-13) bullseye: resolved (fixed in 8.13.1-13) forky: resolved (fixed in 8.13.1

CVE-2003-0694 [CRITICAL] CVE-2003-0694: sendmail - The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbit... The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. Scope: local bookworm: resolved (fixed in 8.12.10-1) bullseye: resolved (fixed in 8.12.10-1) forky: resolved (fixed in 8.12.10-1) sid: resolved (fixed in 8.12.10-1) trixie: resolved (fi

CVE-2003-0161 [CRITICAL] CVE-2003-0161: sendmail - The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.... The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code

CVE-2003-0308 [HIGH] CVE-2003-0308: sendmail - The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create tem... The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. Scope: local bookworm: resolved (fixed in 8.12.9-2) bullseye: resolved (fixed in 8.12.9-2) forky: resolved (fixed in 8.12.9-2) sid: resolved (fixed in 8.12.9-

CVE-2003-0681 [HIGH] CVE-2003-0681: sendmail - A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using... A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Scope: local bookworm: resolved (fixed in 8.12.10-1) bullseye: resolved (fixed in 8.12.10-1) forky: resolved (fixed in 8.12.10-1) sid: resolved (fixed in 8.12.10-1) tr

CVE-2003-0688 [MEDIUM] CVE-2003-0688: sendmail - The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" featu... The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. Scope: local bookworm: resolved (fixed in 8.12.9) bullseye: resolved (fixed in 8.

CVE-2002-1337 [CRITICAL] CVE-2002-1337: sendmail - Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute ar... Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. Scope: local bookworm: resolved (fixed in 8.13.0.PreAlpha4-0) bullseye: resolved (fixed in 8.13.0.PreAlpha4-0) forky: resolved (fixed

CVE-2002-0906 [HIGH] CVE-2002-0906: sendmail - Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS m... Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. Scope: local bookworm: resolved (fixed in 8.12.5) bullseye: resolved (fixed in 8.12.5) forky: resolved (fixed in 8.12.5) sid: resolved (fixed in 8.

CVE-2002-2261 [HIGH] CVE-2002-2261: sendmail - Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restric... Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. Scope: local bookworm: resolved (fixed in 8.12.7) bullseye: resolved (fixed in 8.12.7) forky: resolved (fixed in 8.12.7) sid: resolved (fixed in 8.12.7) trixie: resolved (fixed in 8.12.7)