Sendmail < 8.8.4 Group Permissions Local Privilege Escalation

Medium: Nessus Network Monitor Plugin ID 2021

Synopsis

The remote server may allow local users to escalate privileges.

Description

The remote Sendmail server is vulnerable to a flaw that may allow local users to gain the group permissions of the Sendmail server by crafting a .forward file.

Solution

Upgrade to Sendmail 8.8.4 or higher.

Plugin Details

Severity: Medium

ID: 2021

Family: SMTP Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11349

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:eric_allman:sendmail

Reference Information

CVE: CVE-1999-0129

BID: 715