Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2001-0653
Last Modified 05 Sep 2008 04:24:37
Published 20 Sep 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0653

Summary

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

Vulnerable Systems

Application

  • Sendmail 8.11.0

  • Sendmail 8.11.1

  • Sendmail 8.11.2

  • Sendmail 8.11.3

  • Sendmail 8.11.4

  • Sendmail 8.11.5

  • Sendmail 8.12


References

BID - 3163

BUGTRAQ - 20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)

CONFIRM - http://www.sendmail.org/8.11.html

XF - sendmail-debug-signed-int-overflow(7016)

HP - HPSBTL0112-007

SUSE - SuSE-SA:2001:028

MANDRAKE - MDKSA-2001:075

CIAC - L-133

CALDERA - CSSA-2001-032.0

REDHAT - RHSA-2001:106

IMMUNIX - IMNX-2001-70-032-01

CONECTIVA - CLA-2001:412

NETBSD - NetBSD-SA2001-017


Last Updated: 27 May 2016 10:36:20