Sendmail RestrictQueueRun Option Debug Mode Information Disclosure
Low Nessus Plugin ID 11088
Synopsis
The remote server is vulnerable to information disclosure.
Description
According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue, even without permission to access that information directly, by running:
sendmail -q -d0-nnnn.xxx
where nnnn and xxx are debugging levels.
If users are not allowed to process the queue (which is the default) then you are not vulnerable.
This vulnerability is _local_ only.
Solution
Upgrade to the latest version of Sendmail or do not allow users to process the queue (RestrictQRun option).
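
A check for the RestrictQRun mitigation, as an added example that is not part of the original plugin text. It assumes the option appears in sendmail.cf as the `restrictqrun` flag on a long-form `O PrivacyOptions=` line and that flags from every such line apply; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a sendmail.cf restricts queue runs.
# Assumption: flags are set on long-form "O PrivacyOptions=" lines.

# Print each flag from uncommented PrivacyOptions lines, lower-cased, one per line.
privacy_flags() {
    [ -r "$1" ] || return 2
    awk 'tolower($0) ~ /^o[ \t]*privacyoptions[ \t]*=/ {
        line = tolower($0)
        sub(/^[^=]*=[ \t]*/, "", line)          # drop "O PrivacyOptions="
        n = split(line, f, /[, \t]+/)           # flags are comma separated
        for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
    }' "$1"
}

# Return 0 if restrictqrun is set, 1 if it is not, 2 if the file is unreadable.
queue_run_restricted() {
    flags=$(privacy_flags "$1") || return 2
    printf '%s\n' "$flags" | grep -qx 'restrictqrun'
}

# Write two constructed configuration fragments (not taken from a real host).
make_samples() {
    printf '%s\n' '# privacy flags' \
        'O PrivacyOptions=authwarnings,novrfy,noexpn' > "$1/weak.cf"
    printf '%s\n' '#O PrivacyOptions=restrictqrun' \
        'O PrivacyOptions=authwarnings,RestrictQRun,restrictmailq' > "$1/hardened.cf"
}

# Print a one-line verdict for a configuration file.
report() {
    queue_run_restricted "$1"
    case $? in
        0) echo "$1: restrictqrun set, local users cannot process the queue" ;;
        1) echo "$1: restrictqrun NOT set, local users can run sendmail -q" ;;
        *) echo "$1: cannot read file" ;;
    esac
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d) && make_samples "$tmp"
for cf in "$tmp/weak.cf" "$tmp/hardened.cf"; do report "$cf"; done
rm -rf "$tmp"
```

To audit a real host, call `report` with the path of that host's sendmail.cf.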