Solaris sendmail .forward Local Privilege Escalation

high Nessus Plugin ID 11364

Synopsis

The remote server is vulnerable to a privilege escalation attack.

Description

The remote sendmail server, according to its version number, may be vulnerable to a local privilege escalation attack when using forward files.

Note: Sun did not increase the version number of their sendmail when patching Solaris 7 and 8, so this might be a false positive on these platforms.

An attacker may set up a special .forward file in their home directory and send mail to themselves, which tricks sendmail into executing arbitrary commands with root privileges.

Solution

Upgrade to the latest version of sendmail.

Plugin Details

Severity: High

ID: 11364

File Name: sendmail_sun_forward.nasl

Version: 1.20

Type: remote

Published: 3/12/2003

Updated: 7/24/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: SMTP/sendmail

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/6/2003

Reference Information

CVE: CVE-2003-1076

BID: 7033