Summary
The remote sendmail server, according to its version number, may be vulnerable to a 'Mail System Compromise' when a user supplies a custom configuration file.
Although the mail server is supposed to run as an unprivileged user, a programming error allows a local attacker to regain the dropped privileges and run commands as root.
Solution
Upgrade to the latest version of Sendmail.
Note: This vulnerability is _local_ only.
Severity
Classification
- CVE: CVE-2001-0713
- CVSS Base Score: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Check if Mailserver answer to VRFY and EXPN requests
- Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
- poprelayd & sendmail authentication problem
- Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
- Microsoft Windows SMTP Server DNS spoofing vulnerability