Solaris sendmail .forward Local Privilege Escalation

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.


Synopsis :

The remote server is vulnerable to a privilege escalation attack.

Description :

The remote sendmail server, according to its version number, may be
vulnerable to a local privilege escalation attack when using forward
files.

*** Sun did not increase the version number of their sendmail
*** when patching Solaris 7 and 8, so this might be a false
*** positive on these platforms.

An attacker may set up a special .forward file in his home and send a
mail to himself, which will trick sendmail and will allow him to
execute arbitrary commands with root privileges.

Solution :

Upgrade to the latest version of sendmail

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 11364 ()

Bugtraq ID: 7033

CVE ID: CVE-2003-1076