GEN:SID | 1:665 |
Message | SMTP sendmail 5.6.5 exploit |
Summary | This event is generated when a remote user attempts to exploit a Sendmail vulnerability that allows execution of arbitrary code on a server running older versions of Sendmail.
|
Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise.
|
Detailed Information | Earlier versions of Sendmail contain a vulnerability in message header parsing. A remote user can exploit it by sending an email message with a malformed MAIL FROM value to a vulnerable Sendmail implementation. The server then executes arbitrary shell code included in the text of the email.
|
Affected Systems | Systems running Sendmail versions lower than 8.6.10.
|
Attack Scenarios | An attacker sends an email using |usr/bin/tail|usr/bin/sh as the MAIL FROM value. Arbitrary shell code placed in the text of the email message is executed by the mail server with the security context of Sendmail.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to Sendmail version 8.6.10 or higher.
|
Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203
Bugtraq http://www.securityfocus.com/bid/2308
CERT http://www.cert.org/advisories/CA-1995-08.html
|
Rule References | arachnids: 122
bugtraq: 2308
cve: 1999-0203
|
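Added example (not part of the original rule documentation and not the Snort rule itself): a Python check that scans client-side SMTP commands for a MAIL FROM value carrying a pipe, as described under Attack Scenarios. The function names and the sample session are constructed for illustration; the check assumes only client commands are present and that DATA was accepted by the server.

```python
import re

# Loose match so malformed MAIL FROM values are still captured.
MAIL_FROM = re.compile(r"^\s*MAIL\s+FROM\s*:\s*(?P<path>.*)$", re.IGNORECASE)

# Constructed client-side SMTP lines (not captured traffic).
SAMPLE = [
    "HELO client.example",
    "MAIL FROM:<alice@example.org> SIZE=1024",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: quoting a command",
    "mail from: |not/a/command",
    ".",
    "RSET",
    "mail from: |usr/bin/tail|usr/bin/sh",
    "RCPT TO:<bob@example.net>",
    "QUIT",
]

def reverse_path(line):
    """Return the MAIL FROM value of an SMTP command line, or None."""
    m = MAIL_FROM.match(line.rstrip("\r\n"))
    if not m:
        return None
    path = m.group("path").strip()
    # Strip angle brackets and any ESMTP parameters that follow them.
    if path.startswith("<") and ">" in path:
        path = path[1:path.index(">")]
    return path.strip()

def scan(lines):
    """Yield (line_number, value) for each MAIL FROM value containing '|'."""
    in_data = False
    for n, line in enumerate(lines, 1):
        text = line.strip()
        if in_data:
            # Message body: skip until the lone "." that ends DATA.
            in_data = text != "."
            continue
        if text.upper() == "DATA":
            in_data = True
            continue
        path = reverse_path(line)
        # Heuristic: a pipe is rare in real sender addresses, and a
        # leading '|' is Sendmail's syntax for delivery to a program.
        if path is not None and "|" in path:
            yield n, path

if __name__ == "__main__":
    for n, path in scan(SAMPLE):
        print(f"line {n}: suspicious MAIL FROM value {path!r}")
```

Tracking the DATA state keeps a message body that merely quotes such a command from raising an alert.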