SonicWALL Comprehensive Internet Security

SMTP


  Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
  Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
  The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CAN-2002-1337.
  In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
  The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
  rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
  Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
  ETRN overflow attempt
  An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO.
  Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command.
  exchange mime DOS
  vrfy root
  Sendmail decode alias can be used to overwrite sensitive files


Relevant Information
IPS Alert Level: Low, Medium, High



Comprehensive Internet Security ® 2003 SonicWALL, Inc. | Privacy Statement