vendor:
OpenLinux, Debian Linux, RedHat Linux
by:
SecurityFocus
7.2
CVSS
HIGH
Vixie Cron MAILTO Sendmail Vulnerability
78
CWE
Product Name: OpenLinux, Debian Linux, RedHat Linux
Affected Version From: Caldera OpenLinux 2.2 ,Debian Linux 2.1/2.2,RedHat Linux <= 6.0
Affected Version To: Caldera OpenLinux 2.2 ,Debian Linux 2.1/2.2,RedHat Linux <= 6.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2001
Caldera OpenLinux 2.2 ,Debian Linux 2.1/2.2,RedHat Linux <= 6.0 Vixie Cron MAILTO Sendmail Vulnerability
Failure by the vixie cron daemon from validating the contents of a user supplied environment variable allow a malicious users to pass arbitrary command line arguments to sendmail while running as the root user. The cron daemon uses the cron_popen function to send email to the user that queue commands for execution by cron. The user can set a MAILTO environment variable before calling cron to have it send the email to a different address. The cron daemon passes the contents of this environment variable to sendmail via the command line while executing as the root user. This allow a local malicious user to obtain root access.
Mitigation:
Restrict access to cron and crontab files, and ensure that the MAILTO environment variable is not set in the crontab files.
