CVE-2002-1165

Sendmail Consortiums Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) || sequences or (2) / characters, which are not properly filtered or verified.

Affected Software

Name	Vendor	Start Version	End Version
Sendmail	Sendmail	8.12.0 (including)	8.12.0 (including)
Sendmail	Sendmail	8.12.1 (including)	8.12.1 (including)
Sendmail	Sendmail	8.12.2 (including)	8.12.2 (including)
Sendmail	Sendmail	8.12.3 (including)	8.12.3 (including)
Sendmail	Sendmail	8.12.4 (including)	8.12.4 (including)
Sendmail	Sendmail	8.12.5 (including)	8.12.5 (including)
Sendmail	Sendmail	8.12.6 (including)	8.12.6 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Linux 8.0	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Sendmail	Ubuntu	dapper	*
Sendmail	Ubuntu	devel	*
Sendmail	Ubuntu	edgy	*
Sendmail	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1165
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References