Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2001-0713
HistoryOct 30, 2001 - 5:00 a.m.

CVE-2001-0713

2001-10-3005:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
25
cve-2001-0713
sendmail
configuration files
privilege escalation
nvd

6.6 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.

CPENameOperatorVersion
sendmail:sendmailsendmaille8.12.1

Related

openvas 1
nessus 1
securityvulns 1
openvas
openvas
Sendmail 8.12.0.x Custom Configuration File Vulnerability
2005-11-03 00:00:00
nessus
nessus
Sendmail -C Malformed Configuration Privilege Escalation
2002-08-18 00:00:00
securityvulns
securityvulns
RAZOR advisory: multiple Sendmail vulnerabilities
2001-10-02 00:00:00

6.6 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for CVE-2001-0713
openvas1nessus1securityvulns1