Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:665 |
Message | SMTP sendmail 5.6.5 exploit |
Summary | This event is generated when a remote user attempts to exploit a Sendmail vulnerability where a remote user can execute arbitrary code on an server running older versions of Sendmail. |
Impact | Severe. Remote execution of arbitrary code, leading to remote root compromise. |
Detailed Information | Earlier versions of Sendmail contain a vulnerability in message header parsing. This vulnerability can be exploited by a remote user who sends an email message with a malformed MAIL FROM value to a vulnerable Sendmail implementation. The server then executes any arbitrary shell code included in the text of the email. |
Affected Systems | Systems running Sendmail versions lower than 8.6.10. |
Attack Scenarios | An attacker sends an email using |usr/bin/tail|usr/bin/sh as the MAIL FROM value. Arbitrary shell code placed in the text of the email message is executed by the mail server with the security context of Sendmail. |
Ease of Attack | Simple. |
Corrective Action | Upgrade to Sendmail version 8.6.10 or higher. |
Additional References | CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0203 Bugtraq http://www.securityfocus.com/bid/2308 CERT http://www.cert.org/advisories/CA-1995-08.html |
Rule References | arachnids: 122 bugtraq: 2308 cve: 1999-0203 |
--
DID:793103
--
http://www.aanval.com/