vendor:
Sendmail
by:
SecurityFocus
7.5
CVSS
HIGH
Bypassing smrsh Restrictions
78
CWE
Product Name: Sendmail
Affected Version From: Sendmail 8.12.0
Affected Version To: Sendmail 8.12.9
Patch Exists: YES
Related CWE: N/A
CPE: a:sendmail:sendmail
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Unix and Linux
2002
Bypassing smrsh Restrictions in Sendmail
Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems. smrsh is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot (.) and slash (/) characters, a user may be able to bypass the checks performed by smrsh. This could lead to the execution of commands outside of the restricted environment.
Mitigation:
Ensure that smrsh is configured to restrict access to only those commands that are necessary.
