Sendmail < 8.8.4 Group Permissions Local Privilege Escalation

Medium Nessus Network Monitor Plugin ID 2021

Synopsis

The remote server may allow local users to escalate privileges.

Description

The remote Sendmail server is vulnerable to a flaw that may allow local users to gain the group permission of the sendmail server by crafting a .forward file.

Solution

Upgrade to Sendmail 8.8.4 or higher.

Plugin Details

Severity: Medium

ID: 2021

File Name: 2021.prm

Family: SMTP Servers

Published: 2004/08/18

Modified: 2016/02/05

Dependencies: 2046

Nessus ID: 11349

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:W/RC:ND

CVSSv3

Base Score: 5.9

Temporal Score: 5.7

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:W/RC:X

Reference Information

CVE: CVE-1999-0129

BID: 715

OSVDB: 1113