CVSS: 7.8EPSS: 8%CPEs: 5EXPL: 0CVE-2007-2246
https://notcve.org/view.php?id=CVE-2007-2246
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434. Vulnerabilidad no especificada en HP-UX B.11.00 y B.11.11, cuando se ejecuta sendmail 8.9.3 o 8.11.1; y HP-UX B.11.23 cuando se ejecuta sendmail 8.11.1; permite a los atacantes remotos causar una denegación de servicio a través de vectores de ataque desconocidos. NOTA: debido a la falta de detalles de HP, no se sabe si este problema es un duplicado de otro CVE como CVE-2006-1173 o CVE-2006-4434. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370 http://secunia.com/advisories/24990 http://www.kb.cert.org/vuls/id/349305 http://www.securityfocus.com/bid/23606 http://www.securitytracker.com/id?1017966 http://www.vupen.com/english/advisories/2007/1504 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2006-7175
https://notcve.org/view.php?id=CVE-2006-7175
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. La version de Sendmail 8.13.1-2 en Red Hat Enterprise Linux 4 Update 4 y anteriores no permiten al administrador deshabilitar la encriptación SSLv2, lo cual podría provocar que se pudieran usar canales menos seguros de lo deseado. • https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352 •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2006-7176 – sendmail allows external mail with from address xxx@localhost.localdomain
https://notcve.org/view.php?id=CVE-2006-7176
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. La versión de Sendmail 8.13.1-2 en Red Hat Enterprise Linux 4 Update 4 y anteriores no rechazan el nombre de dominio "localhost.localdomain" para mensajes de correo electrónico que provienen de estaciones externas, lo cual podría permitir a atacantes remotos falsificar mensajes. • http://secunia.com/advisories/25098 http://secunia.com/advisories/25743 http://support.avaya.com/elmodocs2/security/ASA-2007-248.htm http://www.redhat.com/support/errata/RHSA-2007-0252.html http://www.securityfocus.com/bid/23742 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11499 https://access.redhat.com/security/cve/CVE-2006-7176 https://bugzilla.redhat.com/show_bug.cgi?id=23854 •
CVSS: 7.5EPSS: 27%CPEs: 1EXPL: 0CVE-2006-4434
https://notcve.org/view.php?id=CVE-2006-4434
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected." Vulnerabilidad Utilizar-tras-liberar en Sendmail versiones anteriores a 8.13.8, permite a atacantes remotos provocar una denegación de servicio (crash) mediante una "header line" larga, que provoca que una variable liberada anteriormente sea referenciada. NOTa: El desarrollador original ha impugnado la severidad de esta vulnerabilidad diciendo "La única denegación de servicio posible aquí, es llenar el disco con volcados de memoria si el Sistema Operativo genera diferentes volcados de memoria (que es improbable)... el error reside en el código de apagado (finis()) que conduce directamente a exit(3), en este caso, el proceso terminaría de todas formas, no afecta a la distribución ni recepción de correo". • http://secunia.com/advisories/21637 http://secunia.com/advisories/21641 http://secunia.com/advisories/21696 http://secunia.com/advisories/21700 http://secunia.com/advisories/21749 http://secunia.com/advisories/22369 http://securitytracker.com/id?1016753 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102664-1 http://www.attrition.org/pipermail/vim/2006-August/000999.html http://www.debian.org/security/2006/dsa-1164 http://www.mandriva.com/security/advisories?name=M • CWE-416: Use After Free •
CVSS: 5.0EPSS: 34%CPEs: 41EXPL: 0CVE-2006-1173
https://notcve.org/view.php?id=CVE-2006-1173
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:17.sendmail.asc ftp://patches.sgi.com/support/free/security/advisories/20060601-01-P ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0006.html http://secunia.com/advisories/15779 http://secunia.com/advisories/20473 http://secunia.com/advisories/20641 http://secunia. • CWE-399: Resource Management Errors •