Sendmail ResrictQueueRun Debug Information Disclosure

medium Nessus Network Monitor Plugin ID 2027

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote Sendmail server discloses too much information to local users when the command 'sendmail -q -d0-nnn.xxx' is executed. A local attacker may use this flaw to gather data about your local sendmail configuration.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2027

Family: SMTP Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11088

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Reference Information

CVE: CVE-2001-0715

BID: 3898

Detections

Analytics