
Test ID: 1.3.6.1.4.1.25623.1.0.11088
Category: SMTP problems
Title: Sendmail DEBUG Mode Leak Vulnerability
Summary: According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue.
Description: Summary:
According to the version number of the remote mail server,
a local user may be able to obtain the complete mail configuration and other interesting
information about the mail queue.

Vulnerability Insight:
Even if the attacker is not allowed to access that information
directly, it is possible to circumvent this restriction by running:

sendmail -q -d0-nnnn.xxx

where nnnn and xxx are debugging levels.

If users are not allowed to process the queue (which is the default) then you are not vulnerable.

Note: This vulnerability is _local_ only.

Solution:
Update to the latest version of Sendmail or do not allow users
to process the queue (RestrictQRun option).

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2001-0715
BindView Security Advisory: 20011001 Multiple Local Sendmail Vulnerabilities
http://razor.bindview.com/publish/advisories/adv_sm812.html
SGI Security Advisory: 20011101-01-I
ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I
Copyright: Copyright (C) 2002 Michel Arboi
