header-logo
Suggest Exploit
vendor:
Sendmail
by:
SecurityFocus
7.5
CVSS
HIGH
Integer Overflow
190
CWE
Product Name: Sendmail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Sendmail Debugging Functionality Input Validation Error

The problem is the result of the use of signed integers in the program's tTflag() function, which is responsible for processing arguments supplied from the command line with the '-d' switch and writing the values to it's internal 'trace vector'. The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index for the trace vector, and can therefore be used to write within a certain range of process memory if a negative value is given. Because the '-d' command-line switch is processed before the program drops its elevated privileges, this could lead to a full system compromise. This vulnerability has been successfully exploited in a laboratory environment.

Mitigation:

Ensure that all input is properly validated and sanitized before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3163/info
   
An input validation error exists in Sendmail's debugging functionality.
   
The problem is the result of the use of signed integers in the program's tTflag() function, which is responsible for processing arguments supplied from the command line with the '-d' switch and writing the values to it's internal "trace vector." The vulnerability exists because it is possible to cause a signed integer overflow by supplying a large numeric value for the 'category' part of the debugger arguments. The numeric value is used as an index for the trace vector, and can therefore be used to write within a certain range of proces memory if a negative value is given.
   
Because the '-d' command-line switch is processed before the program drops its elevated privileges, this could lead to a full system compromise. This vulnerability has been successfully exploited in a laboratory environment.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21063.tar.gz

Navigation

Suggest Exploit

Services By CQR