Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.6
CVE Id CVE-2002-1165
Last Modified 05 Sep 2008 04:29:56
Published 11 Oct 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1165

Summary

Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

Vulnerable Systems

Operating System

  • NetBSD 1.5

  • NetBSD 1.5.1

  • NetBSD 1.5.2

  • NetBSD 1.5.3

  • NetBSD 1.6

Application

  • Sendmail 8.12.0

  • Sendmail 8.12.1

  • Sendmail 8.12.2

  • Sendmail 8.12.3

  • Sendmail 8.12.4

  • Sendmail 8.12.5

  • Sendmail 8.12.6


References

CONFIRM - http://www.sendmail.org/smrsh.adv.txt

BID - 5845

BUGTRAQ - 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities

REDHAT - RHSA-2003:073

XF - sendmail-forward-bypass-smrsh(10232)

NETBSD - NetBSD-SA2002-023

MANDRIVA - MDKSA-2002:083

SECUNIA - 7826

CONECTIVA - CLA-2002:532


Last Updated: 27 May 2016 10:37:12