Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Sendmail
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Security== Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years. Sendmail itself incorporated a certain amount of [[privilege separation]] in order to avoid exposure to security issues. {{As of| 2009}}, current versions of Sendmail, like other modern [[Message transfer agent|MTAs]], incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse. ===History of vulnerabilities=== Sendmail vulnerabilities in CERT advisories and alerts: * {{Cite web|title=TA06-081A Sendmail Race Condition Vulnerability|work=US-CERT Alerts|url=http://www.us-cert.gov/cas/techalerts/TA06-081A.html| archive-url=https://web.archive.org/web/20060408201247/http://www.us-cert.gov/cas/techalerts/TA06-081A.html| archive-date=2006-04-08}} * {{Cite web|title=CA-2003-25 Buffer Overflow in Sendmail|work=CERT Advisories|date=31 December 2003 |url=http://www.cert.org/advisories/CA-2003-25.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-2003-25.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} * {{Cite web|title=CA-2003-12 Buffer Overflow in Sendmail|work=CERT Advisories|date=31 December 2003 |url=http://www.cert.org/advisories/CA-2003-12.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-2003-12.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} * {{Cite web|title=CA-2003-07 Remote Buffer Overflow in Sendmail|work=CERT Advisories|date=31 December 2003 |url=http://www.cert.org/advisories/CA-2003-07.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-2003-07.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} * {{Cite web|title=CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4|work=CERT Advisories|date=31 December 1997 |url=http://www.cert.org/advisories/CA-1997-05.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-1997-05.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} * {{Cite web|title=CA-1996-25 Sendmail Group Permissions Vulnerability|work=CERT Advisories|date=31 December 1996 |url=http://www.cert.org/advisories/CA-1996-25.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-1996-25.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} * {{Cite web|title=CA-1996-24 Sendmail Daemon Mode Vulnerability|work=CERT Advisories|date=31 December 1996 |url=http://www.cert.org/advisories/CA-1996-24.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-1996-24.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} * {{Cite web|title=CA-1996-20 Sendmail Vulnerabilities|work=CERT Advisories|date=31 December 1996 |url=http://www.cert.org/advisories/CA-1996-20.html| archive-url=https://ghostarchive.org/archive/20211024/http://www.cert.org/advisories/CA-1996-20.html| archive-date=2021-10-24|access-date=January 7, 2005}}{{cbignore}} The ''[[UNIX-HATERS Handbook]]'' dedicated an entire chapter to perceived problems and weaknesses of sendmail.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)