Solaris sendmail .forward Local Privilege Escalation

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.

Synopsis :

The remote server is vulnerable to a privilege escalation attack.

Description :

The remote sendmail server, according to its version number, may be
vulnerable to a local privilege escalation attack when using forward

*** Sun did not increase the version number of their sendmail
*** when patching Solaris 7 and 8, so this might be a false
*** positive on these platforms.

An attacker may set up a special .forward file in his home and send a
mail to himself, which will trick sendmail and will allow him to
execute arbitrary commands with root privileges.

Solution :

Upgrade to the latest version of sendmail

Risk factor :

High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.3
Public Exploit Available : false

Family: SMTP problems

Nessus Plugin ID: 11364 ()

Bugtraq ID: 7033

CVE ID: CVE-2003-1076