Sendmail < 8.6.8 -debug Local Privilege Escalation

high Nessus Plugin ID 11348

Synopsis

The remote host has an application that is affected by local privilege escalation vulnerability.

Description

The remote Sendmail server, according to its version number, allows local users to gain root access via a large value in the debug (-d) command line option.

Solution

Install Sendmail newer than versions 8.6.8 or install a vendor supplied patch.

Plugin Details

Severity: High

ID: 11348

File Name: sendmail_long_debug.nasl

Version: 1.10

Type: remote

Family: SMTP problems

Published: 3/11/2003

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-1999-1309

CVSS v3

Risk Factor: High

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: installed_sw/Sendmail

Vulnerability Publication Date: 3/13/1994

Reference Information

CVE: CVE-1999-1309

Detections

Analytics