Overview Sentrion MP 301 Sentrion MP 302 Sentrion MPQ Sentrion MPV Sentrion DS
Overview Gateway Inbound Outbound Internal Google Gmail
Overview Directory Synchronization Email Architecture Review High Volume Mail HIPAA Policy QUICKStart Implementation Performance Tuning Training Services Overview Message Routing and
Configuration Message Policy
Management Connection Control /
Attack Prevention Directory Configuration
and Management
Overview Compliance Partners Industry Organizations Technology Partners Commercial Milters Open Source Milters System Integrators System Resellers
Overview Silver Support Gold Support Platinum Support Open Source Support Security Advisories Contact Support
Overview Sendmail History Sendmail Customers Events Sendmail News Board & Investors Management Careers
Overview White Papers Highlight Sheets Successs Stories Product Reviews & Awards Archived Webinars Security Chalk Talks IP Reputation Check Real-time Outbreak Monitor
The New Sendmail return to homepage customer login
Support
Overview
Silver Support
Gold Support
Platinum Support
Open Source Support
Security Advisories
Contact Support
 
Contact Us
Resources Center
Success stories, white papers, data sheets, and more!
"Despite highly publicized data leaks, companies struggle to gauge what their risk exposure is.

Only a formal assessment of messaging networks can determine the risks an organization faces."

— Brian Burke
    Research Manager
    IDC Security Products

Sendmail, Inc. Product Security

This page serves as a central location for customers to find both past and present information about security issues with Sendmail, Inc. products.

If you would like to report a security problem with one of Sendmail's products, please contact the Security Officer using security-officer@sendmail.com. If at all possible, please encrypt your mail message with the security-officer PGP key. Note, this address should only be used to report a security problem. Customers with technical support questions should log their incidents via the normal channels.

As of May 1, 2006, Sendmail, Inc. has standardized its advisory format for all future security advisories. The security advisory instructions and template contains a description of the format and individual fields of advisories. On September 11, 2006, Sendmail, Inc. began the security note series to inform customers of security issues which do not have a direct impact on Sendmail products. Note that all issued advisories and notes will be digitally signed with the security-officer PGP key.

Security Advisories

Note that information found in older advisories may be outdated and may include references to patches that are no longer available.
  • Sendmail-SA-200609-01: OpenSSL RSA Signature Forgery
    • Frequently Asked Questions
  • 2006-08-09 SA-200607-03: Flow Control Address Sanitizing Flaw
    • Japanese Translation
    • Frequently Asked Questions
  • 2006-08-09 SA-200607-02: Unvalidated Hostname Use in Milter-based Filters
    • Japanese Translation
    • Frequently Asked Questions
  • 2006-07-24 SA-200607-01: LDAP Empty Password Authentication
    • Japanese Translation
    • Frequently Asked Questions
  • 2006-06-14 SA-200605-01: Deeply nested malformed MIME denial of service attack
    • Japanese Translation
    • Frequently Asked Questions
  • 2006-03-22 Timeout signal race condition
    • Additional information
  • 2003-09-18 Header Buffer Overflow
  • 2003-03-29 Header Buffer Overflow
  • 2003-03-03 Header Buffer Overflow

Security Notes

Note that information found in older notes may be outdated.

  • 2006-09-11 SN-200609-01: Incorrect sendmail MTA vulnerability report
  • 2006-09-11 SN-200609-02: OpenLDAP "selfwrite" ACL issue
  • 2006-09-11 SN-200609-03: BIND DNS server denial of service vulnerabilities
  • 2006-09-11 SN-200609-04: Apache "mod_rewrite" buffer overflow vulnerability


Site Map | Privacy Policy | Terms & Conditions | Copyright © 1998-2008 Sendmail, Inc. All Rights Reserved.