Solaris sendmail .forward Local Privilege Escalation
High Nessus Plugin ID 11364
Synopsis
The remote server is vulnerable to a privilege escalation attack.
Description
The remote sendmail server, according to its version number, may be vulnerable to a local privilege escalation attack when using forward files.
*** Sun did not increase the version number of their sendmail
*** when patching Solaris 7 and 8, so this might be a false
*** positive on these platforms.
An attacker may set up a special .forward file in their home directory and send mail to themselves, which tricks sendmail into executing arbitrary commands with root privileges.
Solution
Upgrade to the latest version of sendmail.