Eric Allman » Sendmail : Security Vulnerabilities, CVEs,
mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
Max CVSS
5.0
EPSS Score
0.25%
Published
2000-04-23
Updated
2008-09-10
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
Max CVSS
2.1
EPSS Score
0.06%
Published
1999-12-07
Updated
2008-09-09
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
Max CVSS
5.0
EPSS Score
0.85%
Published
1999-01-01
Updated
2016-10-18
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
Max CVSS
10.0
EPSS Score
0.75%
Published
1996-10-01
Updated
2022-08-17
Denial of service in Sendmail 8.6.11 and 8.6.12.
Max CVSS
5.0
EPSS Score
3.98%
Published
1999-01-01
Updated
2022-08-17
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
Max CVSS
10.0
EPSS Score
3.64%
Published
1997-01-01
Updated
2022-08-17
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
Max CVSS
10.0
EPSS Score
1.50%
Published
1995-08-17
Updated
2022-08-17
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
Max CVSS
7.2
EPSS Score
0.04%
Published
1997-01-01
Updated
2022-08-17
Sendmail WIZ command enabled, allowing root access.
Max CVSS
7.2
EPSS Score
0.08%
Published
1993-09-30
Updated
2019-06-11
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
Max CVSS
7.2
EPSS Score
0.04%
Published
1996-09-11
Updated
2008-09-09
Local users can start Sendmail in daemon mode and gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
1996-11-16
Updated
2008-09-09
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Max CVSS
4.6
EPSS Score
0.05%
Published
1996-12-03
Updated
2022-08-17
The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
Max CVSS
10.0
EPSS Score
7.76%
Published
1988-10-01
Updated
2019-06-11
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
Max CVSS
10.0
EPSS Score
0.75%
Published
1997-01-28
Updated
2008-09-09
14 vulnerabilities found