SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | sendmail | < 8.17.1.9-2 | sendmail_8.17.1.9-2_all.deb |
Debian | 11 | all | sendmail | < 8.15.2-22 | sendmail_8.15.2-22_all.deb |
Debian | 10 | all | sendmail | < 8.15.2-14~deb10u1 | sendmail_8.15.2-14~deb10u1_all.deb |
Debian | 999 | all | sendmail | < 8.18.1-3 | sendmail_8.18.1-3_all.deb |
Debian | 13 | all | sendmail | < 8.18.1-3 | sendmail_8.18.1-3_all.deb |