The remote sendmail server, according to its version number, allows local users to write to a file and gain group permissions via a .forward or :include: file.
Install sendmail newer than 8.8.4 or install a vendor supplied patch.
- Check if Mailserver answer to VRFY and EXPN requests
- Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
- Sendmail Parsing Redirection DOS
- Alt-N MDaemon SUBSCRIBE Remote Information Disclosure Vulnerability
- Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability