Sendmail decode Alias Arbitrary File Overwrite

medium Nessus Plugin ID 10248

Synopsis

It might be possible to overwrite arbitrary files on the server.

Description

The remote SMTP server seems to pipe mail sent to the 'decode' alias to a program.

There have been in the past a lot of security problems regarding this, as it would allow an attacker to overwrite arbitrary files on the remote server.

We suggest you deactivate this alias.

Solution

Remove the 'decode' line in /etc/aliases.

Plugin Details

Severity: Medium

ID: 10248

File Name: sendmail_decode.nasl

Version: 1.22

Type: remote

Published: 8/30/1999

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-1999-0096

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: installed_sw/Sendmail, SMTP/expn

Vulnerability Publication Date: 5/20/1989

Reference Information

CVE: CVE-1999-0096