SMTP problems : Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.11321

Category: SMTP problems

Title: Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability

Summary: Checks sendmail's version number

Description:
smrsh (supplied by Sendmail) is designed to prevent the execution of
commands outside of the restricted environment. However, when commands
are entered using either double pipes (||) or a mixture of dot
and slash characters, a user may be able to bypass the checks
performed by smrsh. This can lead to the execution of commands
outside of the restricted environment.

Solution : upgrade to the latest version of Sendmail (or at least 8.12.8).

Cross-Ref: BugTraq ID: 5845
Common Vulnerability Exposure (CVE) ID: CVE-2002-1165
Bugtraq: 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2002:083
NETBSD Security Advisory: NetBSD-SA2002-023
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc
Conectiva Linux advisory: CLA-2002:532
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532
FreeBSD Security Advisory: FreeBSD-SA-03:04
Caldera Security Advisory: CSSA-2002-052.0
SGI Security Advisory: 20030101-01-P
http://www.redhat.com/support/errata/RHSA-2003-073.html
http://secunia.com/advisories/7826
http://www.iss.net/security_center/static/10232.php
http://www.securityfocus.com/bid/5845
Common Vulnerability Exposure (CVE) ID: CVE-2002-1337
ISS Security Advisory: 20030303 Remote Sendmail Header Processing Vulnerability
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Bugtraq: 20030303 sendmail 8.12.8 available (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Bugtraq: 20030304 [LSD] Technical analysis of the remote sendmail vulnerability (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
http://www.cert.org/advisories/CA-2003-07.html
http://www.redhat.com/support/errata/RHSA-2003-074.html
http://www.redhat.com/support/errata/RHSA-2003-227.html
SGI Security Advisory: 20030301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
AIX APAR: IY40500
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
AIX APAR: IY40501
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
AIX APAR: IY40502
http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
SuSE Security Announcement: SuSE-SA:2003:013 (Google Search)
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
NETBSD Security Advisory: NetBSD-SA2003-002
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
Conectiva Linux advisory: CLA-2003:571
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Debian Security Information: DSA-257 (Google Search)
http://www.debian.org/security/2003/dsa-257
HPdes Security Advisory: HPSBUX0302-246
http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Caldera Security Advisory: CSSA-2003-SCO.6
ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Caldera Security Advisory: CSSA-2003-SCO.5
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Bugtraq: 20030304 GLSA: sendmail (200303-4) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Bugtraq: 20030303 Fwd: APPLE-SA-2003-03-03 sendmail (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
CERT/CC vulnerability note: VU#398025
http://www.kb.cert.org/vuls/id/398025
BugTraq ID: 6991
http://www.securityfocus.com/bid/6991
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2222
http://www.iss.net/security_center/static/10748.php

Copyright This script is Copyright (C) 2003 StrongHoldNet

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.11321
Category:	SMTP problems
Title:	Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability
Summary:	Checks sendmail's version number
Description:	smrsh (supplied by Sendmail) is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (\|\|) or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to the execution of commands outside of the restricted environment. Solution : upgrade to the latest version of Sendmail (or at least 8.12.8).
Cross-Ref:	BugTraq ID: 5845 Common Vulnerability Exposure (CVE) ID: CVE-2002-1165 Bugtraq: 20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2002:083 NETBSD Security Advisory: NetBSD-SA2002-023 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc Conectiva Linux advisory: CLA-2002:532 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532 FreeBSD Security Advisory: FreeBSD-SA-03:04 Caldera Security Advisory: CSSA-2002-052.0 SGI Security Advisory: 20030101-01-P http://www.redhat.com/support/errata/RHSA-2003-073.html http://secunia.com/advisories/7826 http://www.iss.net/security_center/static/10232.php http://www.securityfocus.com/bid/5845 Common Vulnerability Exposure (CVE) ID: CVE-2002-1337 ISS Security Advisory: 20030303 Remote Sendmail Header Processing Vulnerability http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950 Bugtraq: 20030303 sendmail 8.12.8 available (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2 Bugtraq: 20030304 [LSD] Technical analysis of the remote sendmail vulnerability (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2 http://www.cert.org/advisories/CA-2003-07.html http://www.redhat.com/support/errata/RHSA-2003-074.html http://www.redhat.com/support/errata/RHSA-2003-227.html SGI Security Advisory: 20030301-01-P ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P AIX APAR: IY40500 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only AIX APAR: IY40501 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only AIX APAR: IY40502 http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only SuSE Security Announcement: SuSE-SA:2003:013 (Google Search) http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028 NETBSD Security Advisory: NetBSD-SA2003-002 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc Conectiva Linux advisory: CLA-2003:571 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571 Debian Security Information: DSA-257 (Google Search) http://www.debian.org/security/2003/dsa-257 HPdes Security Advisory: HPSBUX0302-246 http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2 Caldera Security Advisory: CSSA-2003-SCO.6 ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6 Caldera Security Advisory: CSSA-2003-SCO.5 ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5 Bugtraq: 20030304 GLSA: sendmail (200303-4) (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2 Bugtraq: 20030303 Fwd: APPLE-SA-2003-03-03 sendmail (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2 CERT/CC vulnerability note: VU#398025 http://www.kb.cert.org/vuls/id/398025 BugTraq ID: 6991 http://www.securityfocus.com/bid/6991 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2222 http://www.iss.net/security_center/static/10748.php
Copyright	This script is Copyright (C) 2003 StrongHoldNet