U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:sendmail:sendmail:8.13.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

Published: June 04, 2014; 7:19:13 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published: January 04, 2010; 4:30:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

Published: May 05, 2009; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Published: June 07, 2006; 7:06:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0058

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

Published: March 22, 2006; 3:06:00 PM -0500
V3.x:(not available)
V2.0: 7.6 HIGH