RETIRED: Sendmail Remote Code Execution Vulnerability



Sendmail is prone to a remote code-execution vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

NOTE: This BID is being retired as it is a duplicate of BID 8641 (Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability).

Information

Bugtraq ID: 98787
Class: Unknown
CVE:
Remote: Yes
Local: No
Published: Apr 14 2017 12:00AM
Updated: Apr 14 2017 12:00AM
Credit: Unknown.
Vulnerable: Sendmail Consortium Sendmail 8.11.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ FreeBSD FreeBSD 4.5 -RELEASE
+ FreeBSD FreeBSD 4.5
+ FreeBSD FreeBSD 4.4
+ Immunix Immunix OS 7.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.0 i386
+ Redhat Linux 6.2 i386
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ Sun Cobalt RaQ 550
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Sendmail Consortium Sendmail 8.11.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
Sendmail Consortium Sendmail 8.11
+ Compaq Tru64 5.1 b
+ Compaq Tru64 5.1 a
+ Compaq Tru64 5.1
+ IBM AIX 5.2
+ IBM AIX 5.1
- Mandriva Linux Mandrake 7.2
+ Redhat Linux 7.0 sparc
+ Redhat Linux 7.0 i386
+ Redhat Linux 7.0 alpha
+ Redhat Linux 7.0
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0
+ SCO Open Server 5.0.6 a
+ SCO Open Server 5.0.6
+ SCO Open Server 5.0.5
+ SCO Open Server 5.0.4
Redhat Enterprise Linux 7.1
Redhat Enterprise Linux 7


Not Vulnerable:

Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


References:

Related Posts

Comments