Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Sendmail | Sendmail | 8.12.0 (including) | 8.12.0 (including) |
Sendmail | Sendmail | 8.12.1 (including) | 8.12.1 (including) |
Sendmail | Sendmail | 8.12.2 (including) | 8.12.2 (including) |
Sendmail | Sendmail | 8.12.3 (including) | 8.12.3 (including) |
Sendmail | Sendmail | 8.12.4 (including) | 8.12.4 (including) |
Sendmail | Sendmail | 8.12.5 (including) | 8.12.5 (including) |
Sendmail | Sendmail | 8.12.6 (including) | 8.12.6 (including) |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Linux 6.2 | RedHat | * | |
Red Hat Linux 7.0 | RedHat | * | |
Red Hat Linux 7.1 | RedHat | * | |
Red Hat Linux 7.2 | RedHat | * | |
Red Hat Linux 7.3 | RedHat | * | |
Red Hat Linux 8.0 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
Sendmail | Ubuntu | dapper | * |
Sendmail | Ubuntu | devel | * |
Sendmail | Ubuntu | edgy | * |
Sendmail | Ubuntu | feisty | * |