Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 3.0 (including) | 3.0 (including) |
Sendmail | Ubuntu | dapper | * |
Sendmail | Ubuntu | edgy | * |