Sendmail MAIL FROM Command Arbitrary Remote Command Execution

Severity: High | Nessus Plugin ID 10258


The remote SMTP server is vulnerable to authentication bypass.


The remote SMTP server did not complain when issued the command:

MAIL FROM: |testing

This probably means that it is possible to send mail that will be bounced to a program. This is a serious threat, since it allows anyone to execute arbitrary commands on this host.

Note: this security hole might be a false positive, since some MTAs will not complain about this test, but will instead just drop the message silently.


Upgrade your MTA or change it.

Plugin Details

Severity: High

ID: 10258

File Name: smtp_bounce.nasl

Version: 1.38

Type: remote

Published: 8/22/1999

Updated: 8/3/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMTP/sendmail

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/4/1988

Reference Information

CVE: CVE-1999-0203

BID: 2308