Vulnerabilities > CVE-1999-0163 - Unspecified vulnerability in Eric Allman Sendmail
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN eric-allman
nessus
Summary
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | SMTP problems |
| NASL id | SMTP_PROGRAM.NASL |
| description | The remote SMTP server did not complain when issued the command : MAIL FROM: root@this_host RCPT TO: |testing This probably means that it is possible to send mail directly to programs, which is a serious threat, since this allows anyone to execute arbitrary commands on this host. *** This security hole might be a false positive, since *** some MTAs will not complain to this test, but instead *** just drop the message silently. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10261 |
| published | 1999-08-22 |
| reporter | This script is Copyright (C) 1999-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/10261 |
| title | Sendmail mail from/rcpt to Pipe Arbitrary Command Execution |