This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sendmail First view 2006-03-22
Product Sendmail Last view 2014-06-04
Version 8.13.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sendmail:sendmail

Activity : Overall

Related : CVE

  Date Alert Description
1.9 2014-06-04 CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

7.5 2010-01-04 CVE-2009-4565

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

5 2009-05-05 CVE-2009-1490

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

5 2006-06-07 CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

7.6 2006-03-22 CVE-2006-0058

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-399 Resource Management Errors
25% (1) CWE-310 Cryptographic Issues
25% (1) CWE-200 Information Exposure
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

Open Source Vulnerability Database (OSVDB)

id Description
62373 Sendmail X.509 Certificate Null Character MiTM Spoofing Weakness
54669 Sendmail Mail X-Header Handling Remote Overflow
26197 Sendmail Multi-Part MIME Message Handling DoS
24037 Sendmail Signal Handler Race Condition Remote Overflow

OpenVAS Exploits

id Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-30 (sendmail)
File : nvt/glsa_201206_30.nasl
2011-02-18 Name : RedHat Update for sendmail RHSA-2011:0262-01
File : nvt/gb_RHSA-2011_0262-01_sendmail.nasl
2010-06-25 Name : Fedora Update for sendmail FEDORA-2010-5470
File : nvt/gb_fedora_2010_5470_sendmail_fc12.nasl
2010-06-18 Name : Fedora Update for sendmail FEDORA-2010-5399
File : nvt/gb_fedora_2010_5399_sendmail_fc11.nasl
2010-04-06 Name : RedHat Update for sendmail RHSA-2010:0237-05
File : nvt/gb_RHSA-2010_0237-05_sendmail.nasl
2010-03-31 Name : HP-UX Update for sendmail with STARTTLS Enabled HPSBUX02508
File : nvt/gb_hp_ux_HPSBUX02508.nasl
2010-01-19 Name : Mandriva Update for sendmail MDVSA-2010:003 (sendmail)
File : nvt/gb_mandriva_MDVSA_2010_003.nasl
2010-01-04 Name : Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnera...
File : nvt/sendmail_37543.nasl
2009-10-10 Name : SLES9: Security update for sendmail
File : nvt/sles9p5014827.nasl
2009-05-13 Name : Sendmail Buffer Overflow Vulnerability
File : nvt/gb_sendmail_bof_vuln.nasl
2009-05-05 Name : HP-UX Update for sendmail HPSBUX02108
File : nvt/gb_hp_ux_HPSBUX02108.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200603-21 (sendmail)
File : nvt/glsa_200603_21.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200606-19 (sendmail)
File : nvt/glsa_200606_19.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-06:17.sendmail.asc)
File : nvt/freebsdsa_sendmail2.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-06:13.sendmail.asc)
File : nvt/freebsdsa_sendmail1.nasl
2008-09-04 Name : FreeBSD Ports: sendmail
File : nvt/freebsd_sendmail.nasl
2008-01-17 Name : Debian Security Advisory DSA 1155-2 (sendmail)
File : nvt/deb_1155_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1155-1 (sendmail)
File : nvt/deb_1155_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1015-1 (sendmail)
File : nvt/deb_1015_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-166-01 sendmail
File : nvt/esoft_slk_ssa_2006_166_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-081-01 sendmail
File : nvt/esoft_slk_ssa_2006_081_01.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-A-0002 Sendmail SSL Certificate Validation Vulnerability
Severity: Category I - VMSKEY: V0022182

Snort® IPS/IDS

Date Description
2014-01-10 headers too long server response
RuleID : 5739 - Type : SERVER-MAIL - Revision : 8
2014-01-10 Sendmail smtp timeout buffer overflow attempt
RuleID : 16057 - Type : SERVER-MAIL - Revision : 7

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ03273.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ03121.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02920.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02919.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02918.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02917.nasl - Type: ACT_GATHER_INFO
2018-04-10 Name: The remote AIX host is missing a security patch.
File: aix_IJ02915.nasl - Type: ACT_GATHER_INFO
2015-03-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-128.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_sendmail_20141120.nasl - Type: ACT_GATHER_INFO
2014-12-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-32.nasl - Type: ACT_GATHER_INFO
2014-08-01 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2014-147.nasl - Type: ACT_GATHER_INFO
2014-07-05 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_rmail-140604.nasl - Type: ACT_GATHER_INFO
2014-06-20 Name: The remote Fedora host is missing a security update.
File: fedora_2014-7095.nasl - Type: ACT_GATHER_INFO
2014-06-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-425.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote Fedora host is missing a security update.
File: fedora_2014-7093.nasl - Type: ACT_GATHER_INFO
2014-06-06 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2014-156-04.nasl - Type: ACT_GATHER_INFO
2014-06-03 Name: The remote mail server is affected by an SMTP connection manipulation vulnera...
File: sendmail_8_14_9.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0262.nasl - Type: ACT_GATHER_INFO
2013-03-13 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U806006.nasl - Type: ACT_GATHER_INFO
2013-03-13 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U477911.nasl - Type: ACT_GATHER_INFO
2013-03-13 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U497412.nasl - Type: ACT_GATHER_INFO
2013-03-13 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U805069.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote AIX host is missing a security patch.
File: aix_IZ72837.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote AIX host is missing a security patch.
File: aix_IZ70637.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote AIX host is missing a security patch.
File: aix_IZ72836.nasl - Type: ACT_GATHER_INFO