Sendmail 8.12.x SMRSH Double Pipe Access Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5845/info Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems. smrsh is designed to...

Sendmail < 8.12.8 Double Pipe smrsh Bypass Overflow

Binary data 2039.prm...

Mandrake Linux Security Advisory : sendmail (MDKSA-2002:083)

A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the /.forward file and secondly by callin...

RHEL 2.1 : sendmail (RHSA-2002:259)

The sendmail packages shipped with Red Hat Linux Advanced Server have a security bug if sendmail is configured to use smrsh. This security errata release fixes the problem. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 SMRSH the SendMail Restricted SHell is a /bin/sh...

Critical: Red Hat Security Advisory: : : : Updated sendmail packages fix vulnerabilities

Updated Sendmail packages are available for Red Hat Linux on IBM iSeries and pSeries systems to fix a vulnerability that allows local and possibly remote attackers to gain root privileges as well as a vulnerability that may allow remote attackers to gain root privileges by sending a carefully...

Sendmail 8.8.8 - 8.12.7 Multiple Vulnerabilities (Bypass, OF)

smrsh supplied by Sendmail is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes || or a mixture of dot and slash characters, a user may be able to bypass the checks performed by smrsh. This can lead to...

Critical: Red Hat Security Advisory: : Updated sendmail packages fix critical security issues

Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. These packages also fix a security bug if sendmail is configured to use smrsh. Sendmail is a widely used Mail Transport Agent MTA which is...

Low: Red Hat Security Advisory: sendmail security update

The sendmail packages shipped with Red Hat Linux Advanced Server have a security bug if sendmail is configured to use smrsh. This security errata release fixes the problem. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 SMRSH the SendMail Restricted SHell is a /bin/sh...

FreeBSD-SA-02:41.smrsh

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:41.smrsh Security Advisory The FreeBSD Project Topic: smrsh restrictions can be bypassed REVISED Category: core Module: contribsendmail Announced: 2002-11-15 Credits:...

CVE-2002-1165

CVE-2002-1165 affects Sendmail’s Restricted Shell (SMRSH). The issue allows bypassing smrsh restrictions by appending commands after || sequences or after / characters, due to improper filtering/verification. Affected: Sendmail versions around 8.11.x–8.12.x (and related ranges). Impact: a local a...

iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.01.02 Sendmail smrsh bypass vulnerabilities DESCRIPTION It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium’s Restricted Shell SMRSH and execute a binary of his choosing by inserti...

idefense.smrsh.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.01.02 Sendmail smrsh bypass vulnerabilities DESCRIPTION It is possible for an attacker to bypass the restrictions imposed by The Sendmail Consortium’s Restricted Shell SMRSH and execute a binary of his choosing by inserti...

Sendmail 8.12.x - SMRSH Double Pipe Access Validation

source: https://www.securityfocus.com/bid/5845/info Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems. smrsh is designed to prevent the execution of commands...

Sendmail 8.12.x - SMRSH Double Pipe Access Validation

Sendmail 8.12.x - SMRSH Double Pipe Access Validation source: https://www.securityfocus.com/bid/5845/info Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems...

FreeBSD-SA-96:03.sendmail-suggestion

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:03 Security Advisory FreeBSD, Inc. Topic: suggested action only sendmail smrsh now available Category: core Module: sendmail Announced: 1996-04-20 Affects: FreeBSD 2.1.0...