Sendmail Consortiums Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) || sequences or (2) / characters, which are not properly filtered or verified.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sendmail | Sendmail | 8.12.3 | 8.12.3 |
Sendmail | Sendmail | 8.12.4 | 8.12.4 |
Sendmail | Sendmail | 8.12.1 | 8.12.1 |
Sendmail | Sendmail | 8.12.5 | 8.12.5 |
Sendmail | Sendmail | 8.12.0 | 8.12.0 |
Sendmail | Sendmail | 8.12.6 | 8.12.6 |
Sendmail | Sendmail | 8.12.2 | 8.12.2 |