|
|
Family: SMTP problems --> Category: infos
Sendmail 8.8.8 to 8.12.7 Double Pipe Access Validation Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks sendmail's version number
Detailed Explanation for this Vulnerability Test
smrsh (supplied by Sendmail) is designed to prevent the execution of
commands outside of the restricted environment. However, when commands
are entered using either double pipes (||) or a mixture of dot
and slash characters, a user may be able to bypass the checks
performed by smrsh. This can lead to the execution of commands
outside of the restricted environment.
Solution : upgrade to the latest version of Sendmail (or at least 8.12.8).
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
