CVE-2004-0833
sendmail - pre-set password
EPSS 0.66%
Description
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
How to fix CVE-2004-0833
To remediate CVE-2004-0833, upgrade the affected package to a fixed version below.
- Debian/sendmail—upgrade to 8.13.1-13 or later
- Debian/sendmail—upgrade to 8.12.3-7.1 or later
Is CVE-2004-0833 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 8.13.1-13
- from 0, < 8.12.3-7.1