MidnightBSD

Advisories for eric_allman

CVE-1999-0047 HIGH

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.8.4
bsdi bsd_os 2.1
eric_allman sendmail 8.8.3
caldera openlinux 1.0
CVE-1999-0057 HIGH

Vacation program allows command execution by remote users through a sendmail command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp vvos *
sun solaris *
hp hp-ux 10.09
hp hp-ux 9
ibm aix *
sun sunos *
hp hp-ux 10.00
freebsd freebsd 6.2
eric_allman vacation *
hp hp-ux 10.24
CVE-1999-0095 HIGH

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 5.58
CVE-1999-0129 MEDIUM

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.00
eric_allman sendmail 8.8
ibm aix 3.2
bsdi bsd_os 2.1
sun sunos 5.5
eric_allman sendmail 8.8.1
eric_allman sendmail 8.8.3
sun sunos 4.1.4
hp hp-ux 10.01
freebsd freebsd 2.1.6.1
sun sunos 4.1.3u1
sun solaris 2.5
sun sunos 5.4
sco openserver 5.0
sun solaris 2.5.1
sco internet_faststart 1.1
sun sunos 5.5.1
hp hp-ux 10.10
sun sunos 5.3
eric_allman sendmail 8.8.2
hp hp-ux 10.16
ibm aix 4.1
sun solaris 2.4
hp hp-ux 10.20
sco openserver 5.0.2
sco internet_faststart 1.0
freebsd freebsd 2.1.5
freebsd freebsd 2.1.6
ibm aix 4.2
CVE-1999-0130 HIGH

Local users can start Sendmail in daemon mode and gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.7
caldera network_desktop 1.0
hp hp-ux 10.10
hp hp-ux 10.00
eric_allman sendmail 8.8.2
eric_allman sendmail 8.8
redhat linux 4.0
bsdi bsd_os 2.1
eric_allman sendmail 8.8.1
hp hp-ux 10.20
freebsd freebsd 2.1.5
freebsd freebsd 2.1.6
ibm aix 4.2
hp hp-ux 10.01
CVE-1999-0131 HIGH

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco openserver 5.0
eric_allman sendmail 8.6
eric_allman sendmail 8.7.2
eric_allman sendmail 8.7.3
hp hp-ux 10.10
eric_allman sendmail 8.7.4
digital osf_1 1.3.2
ibm aix 3.2
eric_allman sendmail 8.7.5
bsdi bsd_os 2.1
ibm aix 4.1
hp hp-ux 10.20
sco openserver 5.0.2
redhat linux 3.0.3
sco internet_faststart 1.0
eric_allman sendmail 8.7.1
freebsd freebsd 2.1.5
ibm aix 4.2
hp hp-ux 10.01
CVE-1999-0145 HIGH

Sendmail WIZ command enabled, allowing root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail *
CVE-1999-0163 HIGH

In older versions of Sendmail, an attacker could use a pipe character to execute root commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail *
CVE-1999-0203 HIGH

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.6.10
CVE-1999-0204 HIGH

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.6.9
CVE-1999-0205 MEDIUM

Denial of service in Sendmail 8.6.11 and 8.6.12.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.6.12
eric_allman sendmail 8.6.11
CVE-1999-0206 HIGH

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.8.1
eric_allman sendmail 8.8
CVE-1999-0393 MEDIUM

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.9.2
eric_allman sendmail 8.8
CVE-1999-0976 LOW

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.9.3
CVE-2000-0319 MEDIUM

mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.8.4
eric_allman sendmail 8.9.1
eric_allman sendmail 8.9.3
eric_allman sendmail 8.7.2
eric_allman sendmail 8.7.x
eric_allman sendmail 8.8.5
eric_allman sendmail 8.7.3
eric_allman sendmail 5.59
eric_allman sendmail 8.8.2
eric_allman sendmail 8.8
eric_allman sendmail 8.7.4
eric_allman sendmail 8.7.5
eric_allman sendmail 8.8.1
eric_allman sendmail 8.8.3
eric_allman sendmail 8.8.x
eric_allman sendmail 8.6.x
eric_allman sendmail 5.58
eric_allman sendmail 8.7.1
eric_allman sendmail 8.7.6