Eric AllmanCVEs & Vulnerabilities

15 CVEs affecting Eric Allman products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

sendmail 47vacation 1
CVE-2000-0319MEDIUM

mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

23 Apr 2000
5.0
CVSS
CVE-1999-0976LOW

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

7 Dec 1999
2.1
CVSS
CVE-1999-0205MEDIUM

Denial of service in Sendmail 8.6.11 and 8.6.12.

1 Jan 1999
5.0
CVSS
CVE-1999-0393MEDIUMpoc

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

1 Jan 1999
5.0
CVSS
CVE-1999-0057HIGH

Vacation program allows command execution by remote users through a sendmail command.

16 Nov 1998
7.5
CVSS
CVE-1999-0047CRITICAL

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

28 Jan 1997
10.0
CVSS
CVE-1999-0163HIGH

In older versions of Sendmail, an attacker could use a pipe character to execute root commands.

1 Jan 1997
7.2
CVSS
CVE-1999-0204CRITICALpoc

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

1 Jan 1997
10.0
CVSS
CVE-1999-0129MEDIUM

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

3 Dec 1996
4.6
CVSS
CVE-1999-0130HIGHpoc

Local users can start Sendmail in daemon mode and gain root privileges.

16 Nov 1996
7.2
CVSS
CVE-1999-0206CRITICAL

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

1 Oct 1996
10.0
CVSS
CVE-1999-0131HIGH

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

11 Sep 1996
7.2
CVSS
CVE-1999-0203CRITICAL

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

17 Aug 1995
10.0
CVSS
CVE-1999-0145HIGH

Sendmail WIZ command enabled, allowing root access.

30 Sep 1993
7.2
CVSS
CVE-1999-0095CRITICALpoc

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

1 Oct 1988
10.0
CVSS
← PrevPage 1 / 1Next →