GEN:SID 1:665
Message SMTP sendmail 5.6.5 exploit
Summary This event is generated when a remote user attempts to exploit a Sendmail vulnerability where a remote user can execute arbitrary code on an server running older versions of Sendmail.
Impact Severe. Remote execution of arbitrary code, leading to remote root compromise.
Detailed Information Earlier versions of Sendmail contain a vulnerability in message header parsing. This vulnerability can be exploited by a remote user who sends an email message with a malformed MAIL FROM value to a vulnerable Sendmail implementation. The server then executes any arbitrary shell code included in the text of the email.
Affected Systems Systems running Sendmail versions lower than 8.6.10.
Attack Scenarios An attacker sends an email using |usr/bin/tail|usr/bin/sh as the MAIL FROM value. Arbitrary shell code placed in the text of the email message is executed by the mail server with the security context of Sendmail.
Ease of Attack Simple.
Corrective Action Upgrade to Sendmail version 8.6.10 or higher.
Additional References CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203

Bugtraq
http://www.securityfocus.com/bid/2308

CERT
http://www.cert.org/advisories/CA-1995-08.html
Rule References arachnids: 122
bugtraq: 2308
cve: 1999-0203