VulnerableCode Package Details - pkg:deb/debian/sendmail@8.14.3-9.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-6vnz-eme3-aaac Aliases: CVE-2014-3956	The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.	8.14.4-8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ptnv-fwch-aaag Aliases: CVE-2023-51765	sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.	8.15.2-22+deb11u3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.17.2-1~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6vnz-eme3-aaac
Aliases:
CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

8.14.4-8
Affected by 1 other vulnerability.

VCID-ptnv-fwch-aaag
Aliases:
CVE-2023-51765

sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.

8.15.2-22+deb11u3
Affected by 1 other vulnerability.

8.17.2-1~bpo12+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2cdd-ajxa-aaaq	sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.	CVE-2009-4565

Vulnerability

Summary

Aliases

VCID-2cdd-ajxa-aaaq

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVE-2009-4565

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T14:27:00.365588+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:19:44.004837+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T01:28:51.516210+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	None	36.1.3
2025-06-20T23:39:38.861164+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	None	36.1.3
2025-06-08T12:26:42.355312+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T07:20:02.456041+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:14:18.610766+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T18:51:45.309416+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	None	36.1.0
2025-06-07T17:02:35.359328+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	None	36.1.0
2025-04-13T01:20:54.114702+00:00	Debian Oval Importer	Affected by	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T00:51:26.560171+00:00	Debian Oval Importer	Affected by	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-12T21:17:11.555719+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:12:54.472967+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T05:52:40.002821+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:46:28.460321+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T17:29:32.741043+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	None	36.0.0
2025-04-07T15:35:52.424182+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	None	36.0.0
2024-11-27T11:50:56.695180+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-13T06:43:11.306147+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-09-20T21:02:55.670924+00:00	Debian Oval Importer	Fixing	VCID-2cdd-ajxa-aaaq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1