Mandrake Linux Security Advisory : sendmail (MDKSA-2002:083)
Medium Nessus Plugin ID 13981
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions.
SolutionUpdate the affected packages.