Back to search
CVE-2001-0713
Published: Oct 12, 2001
Modified: Aug 8, 2024
PUBLISHED
Description
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20011001 Multiple Local Sendmail Vulnerabilities
vendor-advisory
x_refsource_BINDVIEW
3377
vdb-entry
x_refsource_BID
sendmail-setregid-gain-privileges(7192)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now