Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)

This script is Copyright (C) 2003-2014 StrongHoldNet


Synopsis :

The remote host has an application that is affected by multiple
vulnerabilities.

Description :

smrsh (supplied by Sendmail) is designed to prevent the execution of
commands outside of the restricted environment. However, when
commands are entered using either double pipes (||) or a mixture of
dot and slash characters, a user may be able to bypass the checks
performed by smrsh. This can lead to the execution of commands
outside of the restricted environment.

In addition, a function in headers.c does not properly sanitize input
supplied via the 'Address Field', causing an exploitable buffer
overflow condition. However, Nessus has not checked for this.

Solution :

Upgrade to Sendmail 8.12.8 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 11321

Bugtraq ID: 5845

CVE ID: CVE-2002-1165, CVE-2002-1337