Title: Sendmail debug mode leak
Summary: According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue.
Even if the attacker is not allowed to access this information
directly, it is possible to circumvent this restriction by running:
    sendmail -q -d0-nnnn.xxx
where nnnn and xxx are debugging levels.
If users are not allowed to process the queue (which is the default)
then you are not vulnerable.
Note: This vulnerability is _local_ only.
Upgrade to the latest version of Sendmail or
do not allow users to process the queue (RestrictQRun option).
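A defender-side check for the mitigation above, as an added example that is not part of the original advisory or of the Sendmail distribution: it reads a sendmail.cf and reports whether the restrictqrun flag appears in an active PrivacyOptions line. The function names, the exit-code convention, the default path /etc/mail/sendmail.cf and the case-insensitive flag match are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit sendmail.cf for restrictqrun.
#
# Weak (constructed):      O PrivacyOptions=authwarnings,noexpn
# Corrected (constructed): O PrivacyOptions=authwarnings,noexpn,restrictqrun

# check_restrictqrun FILE
#   returns 0 if restrictqrun is set, 1 if it is not, 2 if FILE is unreadable.
check_restrictqrun() {
    cf="$1"
    [ -r "$cf" ] || return 2
    # Take the value of every uncommented "O PrivacyOptions=" line, lowercase
    # it (assumption: flag names match case-insensitively) and split the
    # comma/space separated flags onto one line each.
    flags=$(sed -n 's/^O[[:space:]]*PrivacyOptions[[:space:]]*=[[:space:]]*//p' "$cf" \
        | tr 'A-Z' 'a-z' | tr ', \t' '\n\n\n')
    # Exact whole-line match, so a longer flag name cannot match by accident.
    printf '%s\n' "$flags" | grep -qx 'restrictqrun'
}

# audit_sendmail_cf [FILE]
#   prints a one-line verdict and returns the same code as check_restrictqrun.
audit_sendmail_cf() {
    cf="${1:-/etc/mail/sendmail.cf}"   # assumed default location
    rc=0
    check_restrictqrun "$cf" || rc=$?
    case "$rc" in
        0) echo "OK: restrictqrun is set in $cf" ;;
        1) echo "WARN: restrictqrun not found in an active PrivacyOptions line of $cf" ;;
        *) echo "ERROR: cannot read $cf" ;;
    esac
    return "$rc"
}
```

Source the file and call `audit_sendmail_cf` with the path of the configuration to check; a commented-out PrivacyOptions line is ignored.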
BugTraq ID: 3898
Common Vulnerability Exposure (CVE) ID: CVE-2001-0715
BindView Security Advisory: 20011001 Multiple Local Sendmail Vulnerabilities
SGI Security Advisory: 20011101-01-I
Copyright: This script is Copyright (C) 2002 Michel Arboi