Sendmail DEBUG/WIZ Remote Command Execution

Critical Nessus Plugin ID 10247


Arbitrary commands may be run on this server.


Your MTA accepts the DEBUG or WIZ command. It must be a very old version of sendmail.

This command is dangerous as it allows remote users to execute arbitrary commands as root without the need to log in.


Upgrade your MTA.

Plugin Details

Severity: Critical

ID: 10247

File Name: sendmail_debug.nasl

Version: $Revision: 1.28 $

Type: remote

Published: 1999/08/22

Modified: 2012/04/23

Dependencies: 11421, 10263, 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: SMTP/sendmail

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1983/11/27

Reference Information

CVE: CVE-1999-0095, CVE-1999-0145

BID: 1, 2897

OSVDB: 195, 15962