CVE Vulnerabilities

CVE-2002-1165

Published: Oct 11, 2002 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Sendmail Consortiums Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) || sequences or (2) / characters, which are not properly filtered or verified.

Affected Software

Name Vendor Start Version End Version
Sendmail Sendmail 8.12.3 8.12.3
Sendmail Sendmail 8.12.4 8.12.4
Sendmail Sendmail 8.12.1 8.12.1
Sendmail Sendmail 8.12.5 8.12.5
Sendmail Sendmail 8.12.0 8.12.0
Sendmail Sendmail 8.12.6 8.12.6
Sendmail Sendmail 8.12.2 8.12.2

References