This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:sendmail:sendmail:8.12:beta5 |
| Detail | |||
|---|---|---|---|
| Vendor | Sendmail | First view | 2001-09-20 |
| Product | Sendmail | Last view | 2010-01-04 |
| Version | 8.12 | Type | Application |
| Edition | |||
| Language | |||
| Update | beta5 | ||
| CPE Product | cpe:/a:sendmail:sendmail | ||
Activity : Yearly
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 7.5 | 2010-01-04 | CVE-2009-4565 | Network | Low | None Requ... | |
| 5 | 2009-05-05 | CVE-2009-1490 | Network | Low | None Requ... | |
| 5 | 2006-08-28 | CVE-2006-4434 | Network | Low | None Requ... | |
| 5 | 2006-06-07 | CVE-2006-1173 | Network | Low | None Requ... | |
| 5 | 2005-06-29 | CVE-2005-2070 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 10 | 2003-10-06 | CVE-2003-0694 | Network | Low | None Requ... | |
| 7.5 | 2003-10-06 | CVE-2003-0681 | Network | Low | None Requ... | |
| 10 | 2003-04-02 | CVE-2003-0161 | Network | Low | None Requ... | |
| 10 | 2003-03-07 | CVE-2002-1337 | Network | Low | None Requ... | |
| 7.5 | 2002-12-31 | CVE-2002-2261 | Network | Low | None Requ... | |
| 2.1 | 2002-12-31 | CVE-2002-1827 | Local | Low | None Requ... | |
| 4.6 | 2001-09-20 | CVE-2001-0653 | Local | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-399 | Resource Management Errors |
| 20% (1) | CWE-310 | Cryptographic Issues |
| 20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CAPEC : Common Attack Pattern Enumeration & Classificatio
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| id | Name |
|---|---|
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-42 | MIME Conversion |
| CAPEC-44 | Overflow Binary Resource File |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-92 | Forced Integer Overflow |
| CAPEC-100 | Overflow Buffers |
| CAPEC-123 | Buffer Attacks |
| CAPEC-147 | XML Ping of Death |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:2222 | Sendmail Address Processor Buffer Overflow |
| oval:org.mitre.oval:def:8512 | HP-UX Running sendmail, Remote Denial of Service (DoS) |
| oval:org.mitre.oval:def:6892 | HP-UX Running sendmail, Remote Denial of Service (DoS) |
| oval:org.mitre.oval:def:595 | Potential BO in Ruleset Parsing for Sendmail |
| oval:org.mitre.oval:def:3606 | Sendmail Ruleset Parsing Buffer Overflow |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:603 | Sendmail BO in prescan Function |
| oval:org.mitre.oval:def:572 | Sendmail BO in Prescan Function |
| oval:org.mitre.oval:def:2975 | Sendmail prescan function Buffer Overflow |
| oval:org.mitre.oval:def:11253 | Sendmail before 8.13.7 allows remote attackers to cause a denial of service v... |
| oval:org.mitre.oval:def:11822 | HP-UX Running sendmail with STARTTLS Enabled, Remote Unauthorized Access. |
| oval:org.mitre.oval:def:10255 | sendmail before 8.14.4 does not properly handle a '\0' character in a Common ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62373 | Sendmail X.509 Certificate Null Character MiTM Spoofing Weakness |
| 60140 | Sendmail Spoofed DNS Hostname check_relay Function Bypass |
| 59769 | Sendmail Multiple Configuration File Lock Local DoS |
| 54669 | Sendmail Mail X-Header Handling Remote Overflow |
| 28193 | Sendmail Header Processing Overflow DoS |
| id | Description |
|---|---|
| 26197 | Sendmail Multi-Part MIME Message Handling DoS |
| 17562 | ClamAV clamav-milter Remote Connection Hold DoS |
| 8294 | Sendmail NOCHAR Control Value prescan Overflow |
| 4502 | Sendmail headers.c crackaddr Function Address Field Handling Remote Overflow |
| 2577 | Sendmail prescan() Function Remote Overflow |
| 605 | Sendmail -d category Value Local Overflow |
Metasploit Exploits
| id | Description |
|---|---|
| 2003-09-17 | Sendmail SMTP Address prescan <= 8.12.8 Memory Corruption |
