Solaris sendmail .forward Local Privilege Escalation

High Nessus Plugin ID 11364


The remote server is vulnerable to a privilege escalation attack.


The remote sendmail server, according to its version number, may be vulnerable to a local privilege escalation attack when using forward files.

*** Sun did not increase the version number of their sendmail
*** when patching Solaris 7 and 8, so this might be a false
*** positive on these platforms.

An attacker may set up a special .forward file in his home and send a mail to himself, which will trick sendmail and will allow him to execute arbitrary commands with root privileges.


Upgrade to the latest version of sendmail

Plugin Details

Severity: High

ID: 11364

File Name: sendmail_sun_forward.nasl

Version: $Revision: 1.19 $

Type: remote

Published: 2003/03/12

Modified: 2012/11/13

Dependencies: 11936, 10263, 13121, 13592, 13454, 13225, 13350, 13541

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: SMTP/sendmail

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2003/03/06

Reference Information

CVE: CVE-2003-1076

BID: 7033

OSVDB: 15147