Solaris sendmail .forward Local Privilege Escalation

high Nessus Plugin ID 11364


The remote server is vulnerable to a privilege escalation attack.


The remote sendmail server, according to its version number, may be vulnerable to a local privilege escalation attack when using forward files.

*** Sun did not increase the version number of their sendmail
*** when patching Solaris 7 and 8, so this might be a false
*** positive on these platforms.

An attacker may set up a special .forward file in his home and send a mail to himself, which will trick sendmail and will allow him to execute arbitrary commands with root privileges.


Upgrade to the latest version of sendmail

Plugin Details

Severity: High

ID: 11364

File Name: sendmail_sun_forward.nasl

Version: 1.20

Type: remote

Published: 3/12/2003

Updated: 7/24/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: SMTP/sendmail

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/6/2003

Reference Information

CVE: CVE-2003-1076

BID: 7033