Sendmail MAIL FROM Command Arbitrary Remote Command Execution

high Nessus Plugin ID 10258

Synopsis

The remote SMTP server is vulnerable to authentication bypass.

Description

The remote SMTP server did not complain when issued the command :

MAIL FROM: |testing

This probably means that it is possible to send mail that will be bounced to a program, which is a serious threat, since this allows anyone to execute arbitrary commands on this host.

*** This security hole might be a false positive, since
*** some MTAs will not complain to this test, but instead
*** just drop the message silently

Solution

Upgrade your MTA or change it.

See Also

http://securitydigest.org/phage/archive/324

Plugin Details

Severity: High

ID: 10258

File Name: smtp_bounce.nasl

Version: 1.38

Type: remote

Published: 8/22/1999

Updated: 8/3/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: SMTP/sendmail

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/4/1988

Reference Information

CVE: CVE-1999-0203

BID: 2308