CVE Vulnerabilities

CVE-2002-1165

Published: Oct 11, 2002 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Sendmail Consortium’s Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) || sequences or (2) / characters, which are not properly filtered or verified.

Affected Software

Name Vendor Start Version End Version
Sendmail Sendmail 8.12.0 8.12.0
Sendmail Sendmail 8.12.1 8.12.1
Sendmail Sendmail 8.12.2 8.12.2
Sendmail Sendmail 8.12.3 8.12.3
Sendmail Sendmail 8.12.4 8.12.4
Sendmail Sendmail 8.12.5 8.12.5
Sendmail Sendmail 8.12.6 8.12.6
Sendmail Ubuntu dapper *
Sendmail Ubuntu devel *
Sendmail Ubuntu edgy *
Sendmail Ubuntu feisty *

References