Executive Summary

Informations
NameCVE-2001-0713First vendor Publication2001-10-30
VendorCveLast vendor Modification2008-09-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score4.6Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0713

CPE : Common Platform Enumeration

TypeDescriptionCount
Application48

OpenVAS Exploits

DateDescription
2005-11-03Name : Sendmail custom configuration file
File : nvt/sendmail_custom_config.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
9301Sendmail -C Malformed Configuration Local Privilege Escalation

Nessus® Vulnerability Scanner

DateDescription
2002-08-18Name : The remote server is vulnerable to a privilege escalation attack.
File : sendmail_custom_config.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/3377
BINDVIEW http://razor.bindview.com/publish/advisories/adv_sm812.html
XF http://www.iss.net/security_center/static/7192.php

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2016-04-26 11:55:33
  • Multiple Updates
2014-02-17 10:23:54
  • Multiple Updates
2013-05-11 12:05:02
  • Multiple Updates