Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0713

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-0713
Last Modified 05 Sep 2008 04:24:45
Published 30 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0713

Summary

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

Vulnerable Systems

Application

  • Sendmail 8.12.1


References

BINDVIEW - 20011001 Multiple Local Sendmail Vulnerabilities

BID - 3377

XF - sendmail-setregid-gain-privileges(7192)


Last Updated: 27 May 2016 10:36:22