Eric Allman: >> Sendmail Security Vulnerabilities
mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
CVSS Score
5.0
EPSS Score
0.007
Published
2000-04-23
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
CVSS Score
2.1
EPSS Score
0.001
Published
1999-12-07
Denial of service in Sendmail 8.6.11 and 8.6.12.
CVSS Score
5.0
EPSS Score
0.005
Published
1999-01-01
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
CVSS Score
5.0
EPSS Score
0.04
Published
1999-01-01
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
CVSS Score
10.0
EPSS Score
0.022
Published
1997-01-28
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
CVSS Score
7.2
EPSS Score
0.002
Published
1997-01-01
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
CVSS Score
10.0
EPSS Score
0.067
Published
1997-01-01
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
CVSS Score
4.6
EPSS Score
0.001
Published
1996-12-03
Local users can start Sendmail in daemon mode and gain root privileges.
CVSS Score
7.2
EPSS Score
0.009
Published
1996-11-16
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
CVSS Score
10.0
EPSS Score
0.005
Published
1996-10-01
Page 1