Sendmail -C Malformed Configuration Privilege Escalation
Severity: Medium
Nessus Plugin ID: 11086
Synopsis
The remote server is vulnerable to a privilege escalation attack.
Description
The remote Sendmail server, according to its version number, may be vulnerable to a 'Mail System Compromise' when a user supplies a custom configuration file.
Although the mail server is supposed to run as a non-privileged user, a programming error allows a local attacker to regain the dropped privileges and run commands as root.
Solution
Upgrade to the latest version of Sendmail.