Sendmail Vulnerabilities


Summary

Assorted sendmail vulnerabilities.

The problems

With almost every sendmail version that was built before February 1998, a malicious user can gain unauthorized privileges by exploiting newlines in command-line arguments or in the process environment or in buffer overflow attacks. Intruders need not have access to an account on your system to exploit this problem.

Other possible exploits involve: using sendmail to generate a buffer overflow in the syslog facility. using the decode/uudecode commands to write to user files using the debug command to gain unauthorized access. using the VRFY/EXPN commands to determine user names

In addition, a Sendmail replacement program, Exim, may exhibit a remote command execution exploit for versions below Exim 3.34.

Fix

Other tips

CVE Reference(s):