nessus
This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
SENDMAIL_CUSTOM_CONFIG.NASL
Aug 18, 2002 - 12:00 a.m.

Sendmail -C Malformed Configuration Privilege Escalation

2002-08-18 00:00:00
www.tenable.com

CVSS2: 4.6
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0
Percentile: 5.1%

The remote Sendmail server, according to its version number, may be vulnerable to a ‘Mail System Compromise’ when a user supplies a custom configuration file.

Although the mail server is supposed to run as a non-privileged user, a programming error allows a local attacker to regain the dropped privileges and run commands as root.

#
# (C) Tenable Network Security, Inc.
#

# References:
# From: "Michal Zalewski" <[email protected]>
# To: [email protected]
# CC: [email protected]
# Subject: RAZOR advisory: multiple Sendmail vulnerabilities

include("compat.inc");

if (description)
{
  script_id(11086);
  script_version("1.22");
  script_cvs_date("Date: 2018/09/17 21:46:53");

  script_cve_id("CVE-2001-0713");
  script_bugtraq_id(3377);

  script_name(english: "Sendmail -C Malformed Configuration Privilege Escalation");
  script_summary(english: "Checks Sendmail version number for 'custom config file'");

  script_set_attribute(attribute:"synopsis", value:
"The remote server is vulnerable to a privilege escalation attack.");
  script_set_attribute(attribute:"description", value:
"The remote Sendmail server, according to its version number, may be
vulnerable to a 'Mail System Compromise' when a user supplies a custom
configuration file. 

Although the mail server is supposed to run as a non-privileged user, a
programming error allows the local attacker to regain the extra
dropped privileges and run commands as root.");
  script_set_attribute(attribute:"solution", value:"Upgrade to the latest version of Sendmail.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2001-0713");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2001/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2002/08/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SMTP problems");

  script_dependencies("sendmail_detect.nbin");
  script_require_keys("installed_sw/Sendmail");
  exit(0);
}

include("vcf.inc");

app_info = vcf::get_app_info(app:"Sendmail");

constraints = [{ "fixed_version" : "8.12.1" }];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
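
The plugin above flags a host purely by comparing the detected Sendmail version with the fixed version 8.12.1. As an added example (not Tenable's code, and not a description of how vcf.inc works internally), the following Python code performs the same comparison on constructed SMTP banners and shows why it has to be numeric: as a string, 8.9.3 sorts after 8.12.1 and would be missed. The banner layout, host names and function names are assumptions made for the example.

```python
import re

FIXED_VERSION = "8.12.1"  # taken from the plugin's constraints

# Constructed sample banners (assumed layout: "... Sendmail <ver>/<cf ver>; <date>")
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Sendmail 8.11.6/8.11.6; Sun, 18 Aug 2002 10:00:00 GMT",
    "220 mx2.example.test ESMTP Sendmail 8.9.3/8.9.3; Sun, 18 Aug 2002 10:00:01 GMT",
    "220 mx3.example.test ESMTP Sendmail 8.12.1/8.12.1; Sun, 18 Aug 2002 10:00:02 GMT",
    "220 mx4.example.test ESMTP Postfix",
]

_VERSION_RE = re.compile(r"\bSendmail\s+(\d+(?:\.\d+)+)")


def banner_version(banner):
    """Return the dotted Sendmail version from a banner, or None if absent."""
    match = _VERSION_RE.search(banner)
    return match.group(1) if match else None


def _key(version, width):
    """Turn '8.9.3' into (8, 9, 3), zero-padded to `width` components."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (width - len(parts))


def is_flagged(version, fixed=FIXED_VERSION):
    """True when `version` is numerically lower than the fixed version."""
    width = max(version.count("."), fixed.count(".")) + 1
    return _key(version, width) < _key(fixed, width)


def naive_is_flagged(version, fixed=FIXED_VERSION):
    """String comparison, shown only to expose the pitfall: '9' > '1'."""
    return version < fixed


def assess(banner):
    """Classify a banner as 'flagged', 'not flagged' or 'unknown'."""
    version = banner_version(banner)
    if version is None:
        return "unknown"  # no version disclosed: the check cannot decide
    return "flagged" if is_flagged(version) else "not flagged"


if __name__ == "__main__":
    for line in SAMPLE_BANNERS:
        print(assess(line), "<-", line)
```

A result of "flagged" only means the reported version is below 8.12.1, which is the same limit the plugin states with "according to its version number, may be vulnerable".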
