VulnerableCode Package Details - pkg:deb/debian/sendmail@8.14.4-4%2Bdeb7u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6vnz-eme3-aaac Aliases: CVE-2014-3956	The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.	8.14.4-8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ptnv-fwch-aaag Aliases: CVE-2023-51765	sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.	8.15.2-22+deb11u3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 8.17.2-1~bpo12+1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6vnz-eme3-aaac
Aliases:
CVE-2014-3956

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.

8.14.4-8
Affected by 1 other vulnerability.

VCID-ptnv-fwch-aaag
Aliases:
CVE-2023-51765

sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not.

8.15.2-22+deb11u3
Affected by 1 other vulnerability.

8.17.2-1~bpo12+1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T14:27:00.367557+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T01:28:51.517784+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	None	36.1.3
2025-06-08T07:20:02.457555+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T18:51:45.311266+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	None	36.1.0
2025-04-13T01:20:54.119724+00:00	Debian Oval Importer	Affected by	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-13T00:51:26.565669+00:00	Debian Oval Importer	Affected by	VCID-ptnv-fwch-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-12T21:17:11.560775+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T05:52:40.007818+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T17:29:32.747591+00:00	Debian Oval Importer	Affected by	VCID-6vnz-eme3-aaac	None	36.0.0