Sendmail < 8.7.6 Multiple Local Vulnerabilities

critical Nessus Plugin ID 11347

Synopsis

The remote host has an application that is affected by multiple vulnerabilities.

Description

The remote Sendmail server, according to its version number, is affected by a buffer overflow and a denial of service problem. A flaw in the GECOS field handling may allow a local user to gain root access.

Solution

Install Sendmail 8.7.6 or later.

Plugin Details

Severity: Critical

ID: 11347

File Name: sendmail_875_bo.nasl

Version: 1.18

Type: remote

Published: 3/11/2003

Updated: 9/17/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-1999-0131

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: installed_sw/Sendmail

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/23/1996

Reference Information

CVE: CVE-1999-0131

BID: 717