Sendmail Custom Configuration File Network Vulnerability

Summary

The remote sendmail server, according to its version number, may be vulnerable to a 'Mail System Compromise' when a user supplies a custom configuration file. Although the mail server is suppose to run as a lambda user, a programming error allows the local attacker to regain the extra dropped privileges and run commands as root.

Solution

upgrade to the latest version of Sendmail Note : This vulnerability is _local_ only

Severity

Classification

CVE CVE-2001-0713
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Sendmail Parsing Redirection DOS
Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
Sendmail ETRN command DOS
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability

Sendmail custom configuration file

Take action and discover your vulnerabilities