Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.802194
Category:SMTP problems
Title:Sendmail Mail Relay Vulnerability
Summary:This host is installed with Sendmail and is prone to mail relay; vulnerability.
Description:Summary:
This host is installed with Sendmail and is prone to mail relay
vulnerability.

Vulnerability Insight:
The flaw is due to an error in the mailconf module in Linuxconf which
generates the Sendmail configuration file (sendmail.cf) and configures Sendmail to run as an open mail
relay, which allows remote attackers to send Spam email.

Vulnerability Impact:
Successful exploitation will allow attackers to send email messages outside
of the served network. This could result in unauthorized messages being sent from the vulnerable server.

Affected Software/OS:
Linuxconf versions 1.24 r2, 1.2.5 r3
Linuxconf versions 1.24 r2, 1.2.5 r3 on Conectiva Linux 6.0 through 8
IBM AIX versions 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1, 5.1 L, 5.2.

Solution:
Upgrade to the latest version of Linuxconf version 1.29r1 or later. For IBM AIX, apply the patch from
the referenced ibm link.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: BugTraq ID: 6118
BugTraq ID: 7580
Common Vulnerability Exposure (CVE) ID: CVE-2002-1278
http://www.securityfocus.com/bid/6118
Conectiva Linux advisory: CLA-2002:544
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
http://www.osvdb.org/6066
http://www.iss.net/security_center/static/10554.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0285
http://www.securityfocus.com/bid/7580
Bugtraq: 20030513 AIX sendmail open relay (Google Search)
http://marc.info/?l=bugtraq&m=105284689228961&w=2
CERT/CC vulnerability note: VU#814617
http://www.kb.cert.org/vuls/id/814617
http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt
XForce ISS Database: aix-sendmail-mail-relay(11993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11993
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.