Sendmail Sendmail 8.13.8

CPE Details

2009-05-12 16h26 +00:00
2014-06-24 16h28 +00:00

CPE Name: cpe:2.3:a:sendmail:sendmail:8.13.8:*:*:*:*:*:*:*

Information

Vendor: sendmail

Product: sendmail

Version: 8.13.8

Related CVE


CVE ID: CVE-2023-51765
Published: 2023-12-23 23h00 +00:00
Description: sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.
Score: 5.3
Severity: Medium

CVE ID: CVE-2021-3618
Published: 2022-03-22 23h00 +00:00
Description: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Score: 7.4
Severity: High

CVE ID: CVE-2014-3956
Published: 2014-06-04 08h00 +00:00
Description: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
Score: 1.9

CVE ID: CVE-2009-4565
Published: 2010-01-04 20h00 +00:00
Description: sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Score: 7.5