Fluid Attacks Database

Description

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	sendmail	>=0 <8.13.1-13	8.13.1-13
debian 14	sendmail	>=0 <8.13.1-13	8.13.1-13
debian 12	sendmail	>=0 <8.13.1-13	8.13.1-13
debian 11	sendmail	>=0 <8.13.1-13	8.13.1-13

Aliases

1. CVE-2004-08332. NVD-2004-08333. OSV-DEBIAN-2004-08334. OSV-2004-08335. SECURITY-TRACKER-CVE-2004-0833

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.