Vulnerabilities > CVE-1999-0145 - Unspecified vulnerability in Eric Allman Sendmail
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Sendmail WIZ command enabled, allowing root access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | SMTP problems |
| NASL id | SENDMAIL_DEBUG.NASL |
| description | Your MTA accepts the DEBUG or WIZ command. It may be an old version of Sendmail. This command is dangerous as it allows remote users to execute arbitrary commands as root without the need to log in. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10247 |
| published | 1999-08-22 |
| reporter | This script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/10247 |
| title | Sendmail DEBUG/WIZ Remote Command Execution |
References
- http://seclists.org/fulldisclosure/2019/Jun/16
- http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
- http://www.cert.org/advisories/CA-1990-11.html
- http://www.cert.org/advisories/CA-1993-14.html
- http://www.openwall.com/lists/oss-security/2019/06/05/4
- http://www.openwall.com/lists/oss-security/2019/06/06/1
- http://www2.dataguard.no/bugtraq/1995_1/0332.html